魔盾安全分析报告
| 分析类型 | 开始时间 | 结束时间 | 持续时间 | 分析引擎版本 |
|---|---|---|---|---|
| FILE | 2021-06-18 18:38:51 | 2021-06-18 18:40:56 | 125 秒 | 1.4-Maldun |
| 虚拟机机器名 | 标签 | 虚拟机管理 | 开机时间 | 关机时间 |
|---|---|---|---|---|
| win7-sp1-x64-shaapp03-1 | win7-sp1-x64-shaapp03-1 | KVM | 2021-06-18 18:38:51 | 2021-06-18 18:40:57 |
| 魔盾分数 |
|---|
10.0Malicious |
文件详细信息
| 文件名 | 蠕虫专清工具.com |
|---|---|
| 文件大小 | 17920 字节 |
| 文件类型 | PE32 executable (console) Intel 80386 Mono/.Net assembly, for MS Windows |
| CRC32 | A4934099 |
| MD5 | ab42b45571f9c6e7d92aede417486680 |
| SHA1 | 4e73ad5aa37b771fdb4334c99cc3155519087502 |
| SHA256 | e617f03cf1f77d357fb10da2b07b265b96d04135f9d4cfbfb4b5f96a1945e543 |
| SHA512 | f625f160cccbc4dbf601ca0e15fa0849ff8c9374f3f24f4fd57f9fe23e664db34abf1d547b7c44f8c70bc9b6377e0860f979c2e6aa93ab0f84b7fd124736754c |
| Ssdeep | 384:0j8Ul5XOABiOhBDNp8acrZrFL8wckjvnfdj/tkzYcExbb8PZ:vUnOH4BCrXfdjVwYcExu |
| PEiD | 无匹配 |
| Yara |
|
| VirusTotal |
VirusTotal链接 VirusTotal扫描时间: 2020-04-06 00:55:13 扫描结果: 8/70 |
特征
通过进程尝试延迟分析任务
Process: __________________.com tried to sleep 61 seconds, actually delayed analysis time by 0 seconds
创建RWX内存
魔盾安全Yara检测结果 - 普通
检测到网络活动但没有显示在API日志中
ip: 23.218.94.155
domain: acroipm.adobe.com
文件已被至少一个VirusTotal上的反病毒引擎检测为病毒
BitDefenderTheta: Gen:NN.ZemsilF.34104.bm0@aeTTmGi
APEX: Malicious
Avast: Win32:Malware-gen
AegisLab: Trojan.Win32.Generic.4!c
SentinelOne: DFI - Malicious PE
AVG: Win32:Malware-gen
CrowdStrike: win/malicious_confidence_60% (W)
Qihoo-360: Generic/HEUR/QVM03.0.5E1D.Malware.Gen
运行截图
网络分析
域名解析
| 域名 | 响应 |
|---|---|
| acroipm.adobe.com |
CNAME acroipm.adobe.com.edgesuite.net
A 23.218.94.163 CNAME a1983.dscd.akamai.net A 23.218.94.155 |
TCP连接
| IP地址 | 端口 |
|---|---|
| 23.218.94.163 | 80 |
UDP连接
| IP地址 | 端口 |
|---|---|
| 192.168.122.1 | 53 |
HTTP请求
| URL | HTTP数据 |
|---|---|
| http://acroipm.adobe.com/11/rdr/CHS/win/nooem/none/message.zip | GET /11/rdr/CHS/win/nooem/none/message.zip HTTP/1.1 Accept: */* If-Modified-Since: Mon, 08 Nov 2017 08:44:36 GMT User-Agent: IPM Host: acroipm.adobe.com Connection: Keep-Alive Cache-Control: no-cache |
静态分析
PE 信息
| 初始地址 | 0x00400000 |
|---|---|
| 入口地址 | 0x00404f26 |
| 声明校验值 | 0x00000000 |
| 实际校验值 | 0x000145c9 |
| 最低操作系统版本要求 | 4.0 |
| PDB路径 | C:\Users\cdj68\Source\Repos\EncryptSynaptics\obj\Release\EncryptSynaptics.pdb |
| 编译时间 | 2043-06-18 23:23:22 |
| 载入哈希 | f34d5f2d4577ed6d9ceec516c1f5a744 |
版本信息
| Translation: | 0x0000 0x04b0 |
| LegalCopyright: | Copyright \xc2 2019 |
| Assembly Version: | 1.0.0.0 |
| InternalName: | EncryptSynaptics.exe |
| FileVersion: | 1.0.0.0 |
| CompanyName: | |
| LegalTrademarks: | |
| Comments: | |
| ProductName: | EncryptSynaptics |
| ProductVersion: | 1.0.0.0 |
| FileDescription: | EncryptSynaptics |
| OriginalFilename: | EncryptSynaptics.exe |
PE数据组成
| 名称 | 虚拟地址 | 虚拟大小 | 原始数据大小 | 特征 | 熵(Entropy) |
|---|---|---|---|---|---|
| .text | 0x00002000 | 0x00002f2c | 0x00003000 | IMAGE_SCN_CNT_CODE|IMAGE_SCN_MEM_EXECUTE|IMAGE_SCN_MEM_READ | 5.76 |
| .rsrc | 0x00006000 | 0x000010fc | 0x00001200 | IMAGE_SCN_CNT_INITIALIZED_DATA|IMAGE_SCN_MEM_READ | 5.56 |
| .reloc | 0x00008000 | 0x0000000c | 0x00000200 | IMAGE_SCN_CNT_INITIALIZED_DATA|IMAGE_SCN_MEM_DISCARDABLE|IMAGE_SCN_MEM_READ | 0.08 |
资源
| 名称 | 偏移量 | 大小 | 语言 | 子语言 | 熵(Entropy) | 文件类型 |
|---|---|---|---|---|---|---|
| RT_VERSION | 0x00006090 | 0x0000035c | LANG_NEUTRAL | SUBLANG_NEUTRAL | 3.27 | data |
| RT_MANIFEST | 0x000063fc | 0x00000cfa | LANG_NEUTRAL | SUBLANG_NEUTRAL | 5.89 | XML 1.0 document, UTF-8 Unicode (with BOM) text, with CRLF line terminators |
导入
库 mscoree.dll:
• 0x402000 - _CorExeMain
投放文件
行为分析
互斥量(Mutexes)
无信息
执行的命令
无信息
创建的服务
无信息
启动的服务
无信息
进程
__________________.com PID: 2456, 上一级进程 PID: 2160
访问的文件
- C:\Windows\sysnative\MSCOREE.DLL.local
- C:\Windows\Microsoft.NET\Framework64\v4.0.30319\mscoreei.dll
- C:\Windows\Microsoft.NET\Framework64\*
- C:\Windows\Microsoft.NET\Framework64\v2.0.50727\clr.dll
- C:\Windows\Microsoft.NET\Framework64\v2.0.50727\mscorwks.dll
- C:\Windows\Microsoft.NET\Framework64\v4.0.30319\clr.dll
- C:\Users\test\AppData\Local\Temp\__________________.com.config
- C:\Users\test\AppData\Local\Temp\__________________.com
- C:\Windows\Microsoft.NET\Framework64\v4.0.30319\MSVCR120_CLR0400.dll
- C:\Windows\sysnative\MSVCR120_CLR0400.dll
- C:\Windows\Microsoft.NET\Framework64\v4.0.30319\mscoree.dll
- C:\Windows\Microsoft.NET\Framework64\v4.0.30319\Config\machine.config
- C:\Windows\Microsoft.NET\Framework64\v4.0.30319\fusion.localgac
- C:\Windows\Globalization\Sorting\sortdefault.nls
- C:\Windows\Microsoft.Net\assembly\GAC_64\mscorlib\v4.0_4.0.0.0__b77a5c561934e089\mscorlib.dll
- C:\Windows\assembly\NativeImages_v4.0.30319_64\mscorlib\*
- C:\Windows\assembly\NativeImages_v4.0.30319_64\mscorlib\f89061884b75dab0e3967d7221e5290d\mscorlib.ni.dll
- C:\Windows\assembly\NativeImages_v4.0.30319_64\mscorlib\f89061884b75dab0e3967d7221e5290d\mscorlib.ni.dll.aux
- C:\Users
- C:\Users\test
- C:\Users\test\AppData
- C:\Users\test\AppData\Local
- C:\Users\test\AppData\Local\Temp
- C:\Windows\Microsoft.NET\Framework64\v4.0.30319\ole32.dll
- \Device\KsecDD
- C:\Users\test\AppData\Local\Temp\__________________.config
- C:\Windows\assembly\NativeImages_v4.0.30319_64\EncryptSynaptics\*
- C:\Users\test\AppData\Local\Temp\__________________.INI
- C:\Windows\assembly\pubpol49.dat
- C:\Windows\assembly\GAC\PublisherPolicy.tme
- C:\Windows\Microsoft.Net\assembly\GAC_64\System.Core\v4.0_4.0.0.0__b77a5c561934e089\System.Core.dll
- C:\Windows\Microsoft.Net\assembly\GAC_MSIL\System.Core\v4.0_4.0.0.0__b77a5c561934e089\System.Core.dll
- C:\Windows\assembly\NativeImages_v4.0.30319_64\System.Core\*
- C:\Windows\assembly\NativeImages_v4.0.30319_64\System.Core\d1da4b8a843ec63bb8be25f8202bedc1\System.Core.ni.dll
- C:\Windows\assembly\NativeImages_v4.0.30319_64\System.Core\d1da4b8a843ec63bb8be25f8202bedc1\System.Core.ni.dll.aux
- C:\Windows\Microsoft.Net\assembly\GAC_64\System\v4.0_4.0.0.0__b77a5c561934e089\System.dll
- C:\Windows\Microsoft.Net\assembly\GAC_MSIL\System\v4.0_4.0.0.0__b77a5c561934e089\System.dll
- C:\Windows\assembly\NativeImages_v4.0.30319_64\System\*
- C:\Windows\assembly\NativeImages_v4.0.30319_64\System\60b77585c8aa9cfd1b30a64092c81041\System.ni.dll
- C:\Windows\assembly\NativeImages_v4.0.30319_64\System\60b77585c8aa9cfd1b30a64092c81041\System.ni.dll.aux
- C:\Windows\Microsoft.Net\assembly\GAC_MSIL\System.Configuration\v4.0_4.0.0.0__b03f5f7f11d50a3a\System.Configuration.dll
- C:\Windows\Microsoft.Net\assembly\GAC_MSIL\System.Xml\v4.0_4.0.0.0__b77a5c561934e089\System.Xml.dll
- C:\Windows\Microsoft.Net\assembly\GAC_MSIL\System.Numerics\v4.0_4.0.0.0__b77a5c561934e089\System.Numerics.dll
- C:\Windows\Microsoft.Net\assembly\GAC_MSIL\System.Security\v4.0_4.0.0.0__b03f5f7f11d50a3a\System.Security.dll
- C:\Windows\Microsoft.NET\Framework64\v4.0.30319\clrjit.dll
- C:\Windows\Microsoft.Net\assembly\GAC_64\Microsoft.VisualBasic\v4.0_10.0.0.0__b03f5f7f11d50a3a\Microsoft.VisualBasic.dll
- C:\Windows\Microsoft.Net\assembly\GAC_MSIL\Microsoft.VisualBasic\v4.0_10.0.0.0__b03f5f7f11d50a3a\Microsoft.VisualBasic.dll
- C:\Windows\assembly\NativeImages_v4.0.30319_64\Microsoft.V9921e851#\*
- C:\Windows\assembly\NativeImages_v4.0.30319_64\Microsoft.V9921e851#\85a40a6654f0aac2a2c52d1deb4d3f17\Microsoft.VisualBasic.ni.dll
- C:\Windows\assembly\NativeImages_v4.0.30319_64\Microsoft.V9921e851#\85a40a6654f0aac2a2c52d1deb4d3f17\Microsoft.VisualBasic.ni.dll.aux
- C:\Windows\Microsoft.Net\assembly\GAC_MSIL\System.Windows.Forms\v4.0_4.0.0.0__b77a5c561934e089\System.Windows.Forms.dll
- C:\Windows\Microsoft.Net\assembly\GAC_MSIL\System.Drawing\v4.0_4.0.0.0__b03f5f7f11d50a3a\System.Drawing.dll
- C:\Windows\Microsoft.Net\assembly\GAC_MSIL\System.Deployment\v4.0_4.0.0.0__b03f5f7f11d50a3a\System.Deployment.dll
- C:\Windows\Microsoft.Net\assembly\GAC_MSIL\System.Management\v4.0_4.0.0.0__b03f5f7f11d50a3a\System.Management.dll
- C:\Windows\Microsoft.Net\assembly\GAC_MSIL\System.Xml.Linq\v4.0_4.0.0.0__b77a5c561934e089\System.Xml.Linq.dll
- C:\Windows\Microsoft.Net\assembly\GAC_MSIL\System.Runtime.Remoting\v4.0_4.0.0.0__b77a5c561934e089\System.Runtime.Remoting.dll
- C:\Windows\Microsoft.Net\assembly\GAC_MSIL\System\v4.0_4.0.0.0__b77a5c561934e089\ntdll.dll
- C:\Windows\Microsoft.NET\Framework64\v4.0.30319\nlssorting.dll
- C:\Windows\Microsoft.NET\Framework64\v4.0.30319\SortDefault.nlp
- C:\Windows\Microsoft.Net\assembly\GAC_64\mscorlib\v4.0_4.0.0.0__b77a5c561934e089\shell32.dll
- C:\ProgramData\Synaptics\Synaptics.exe
- C:
- C:\Windows\sysnative\msinfo32.exe
- C:\Windows\sysnative\zh-CN\KERNELBASE.dll.mui
- C:\Program Files\Common Files\Microsoft Shared\MSInfo\msinfo32.exe
- C:\Windows\winsxs\amd64_microsoft-windows-ieinstal_31bf3856ad364e35_8.0.7601.17514_none_617c25c51f43e03f\ieinstal.exe
- C:\Windows\winsxs\amd64_microsoft-windows-ie-ielowutil_31bf3856ad364e35_8.0.7600.16385_none_7d25450501edb94f\ielowutil.exe
- C:\Windows\winsxs\amd64_microsoft-windows-i..etexplorer-optional_31bf3856ad364e35_8.0.7601.17514_none_1196a9003b674a92\iexplore.exe
- C:\Program Files\Microsoft Games\FreeCell\FreeCell.exe
- C:\Program Files\Microsoft Games\Hearts\Hearts.exe
- C:\Windows\winsxs\amd64_microsoft-windows-s..oxgames-minesweeper_31bf3856ad364e35_6.1.7600.16385_none_fe560f0352e04f48\MineSweeper.exe
- C:\Windows\winsxs\amd64_microsoft-windows-s..oxgames-purbleplace_31bf3856ad364e35_6.1.7600.16385_none_622070221822eb39\PurblePlace.exe
- C:\Windows\winsxs\amd64_microsoft-windows-s..nboxgames-solitaire_31bf3856ad364e35_6.1.7600.16385_none_d1124c00155dfd14\Solitaire.exe
- C:\Windows\winsxs\amd64_microsoft-windows-s..mes-spidersolitaire_31bf3856ad364e35_6.1.7600.16385_none_dead260d8f002b73\SpiderSolitaire.exe
- C:\Windows\winsxs\amd64_security-malware-windows-defender_31bf3856ad364e35_6.1.7601.17514_none_b5e2b6396ecea306\MpCmdRun.exe
- C:\Windows\winsxs\amd64_security-malware-windows-defender_31bf3856ad364e35_6.1.7601.17514_none_b5e2b6396ecea306\MSASCui.exe
- C:\Windows\winsxs\amd64_microsoft-windows-wab-app_31bf3856ad364e35_6.1.7601.17514_none_a0cf62efee3228a3\wab.exe
- C:\Windows\winsxs\amd64_microsoft-windows-wab-app_31bf3856ad364e35_6.1.7601.17514_none_a0cf62efee3228a3\wabmig.exe
- C:\Program Files\Windows Mail\WinMail.exe
- C:\Windows\winsxs\amd64_microsoft-windows-mediaplayer-setup_31bf3856ad364e35_6.1.7601.17514_none_0c19cef0ed2a642e\setup_wm.exe
- C:\Windows\winsxs\amd64_microsoft-windows-mediaplayer-autoplay_31bf3856ad364e35_6.1.7601.17514_none_7920b60d569a4a1e\wmlaunch.exe
- C:\Windows\winsxs\amd64_microsoft-windows-mediaplayer-core_31bf3856ad364e35_6.1.7601.17514_none_698fc88e65b943d6\wmpconfig.exe
- C:\Windows\winsxs\amd64_microsoft-windows-wmpdmc-ux_31bf3856ad364e35_6.1.7601.17514_none_4c8976380e00631f\WMPDMC.exe
- C:\Windows\winsxs\amd64_microsoft-windows-mediaplayer-wmpenc_31bf3856ad364e35_6.1.7600.16385_none_00192601418cadff\wmpenc.exe
- C:\Windows\winsxs\amd64_microsoft-windows-mediaplayer-core_31bf3856ad364e35_6.1.7601.17514_none_698fc88e65b943d6\wmplayer.exe
- C:\Windows\winsxs\amd64_microsoft-windows-wmpnss-service_31bf3856ad364e35_6.1.7601.17514_none_61acd141e5332baf\wmpnetwk.exe
- C:\Windows\winsxs\amd64_microsoft-windows-wmpnss-ux_31bf3856ad364e35_6.1.7600.16385_none_13b9b4b7d327a721\wmpnscfg.exe
- C:\Windows\winsxs\amd64_microsoft-windows-m..player-shellpreview_31bf3856ad364e35_6.1.7600.16385_none_1c92c4d88ce86757\wmprph.exe
- C:\Windows\winsxs\amd64_microsoft-windows-mediaplayer-core_31bf3856ad364e35_6.1.7601.17514_none_698fc88e65b943d6\wmpshare.exe
- C:\Windows\winsxs\amd64_microsoft-windows-m..yer-sideshow-gadget_31bf3856ad364e35_6.1.7600.16385_none_841e9494c8a32794\WMPSideShowGadget.exe
- C:\Windows\winsxs\amd64_microsoft-windows-wordpad_31bf3856ad364e35_6.1.7601.17514_none_8be07ea283850f02\wordpad.exe
- C:\Windows\winsxs\amd64_microsoft-windows-i..devicescontrolpanel_31bf3856ad364e35_6.1.7600.16385_none_8094bd7b62d2b435\ImagingDevices.exe
- C:\Windows\winsxs\amd64_microsoft-windows-sidebar_31bf3856ad364e35_6.1.7601.17514_none_2d02b12c3d47a517\sidebar.exe
- C:\Program Files (x86)\Common Files\microsoft shared\ink\pipanel.exe
- C:\Program Files (x86)\Common Files\microsoft shared\MSInfo\msinfo32.exe
- C:\Windows\SysWOW64\msinfo32.exe
- C:\Windows\winsxs\x86_microsoft-windows-ie-impexp-extexport_31bf3856ad364e35_8.0.7601.17514_none_4abf71c398c9a7d6\ExtExport.exe
- C:\Windows\winsxs\x86_microsoft-windows-ieinstal_31bf3856ad364e35_8.0.7601.17514_none_055d8a4166e66f09\ieinstal.exe
- C:\Windows\winsxs\x86_microsoft-windows-ie-ielowutil_31bf3856ad364e35_8.0.7600.16385_none_2106a98149904819\ielowutil.exe
- C:\Program Files (x86)\Internet Explorer\iexplore.exe
- C:\Windows\winsxs\x86_microsoft-windows-wab-app_31bf3856ad364e35_6.1.7601.17514_none_44b0c76c35d4b76d\wab.exe
- C:\Windows\winsxs\x86_microsoft-windows-wab-app_31bf3856ad364e35_6.1.7601.17514_none_44b0c76c35d4b76d\wabmig.exe
- C:\Windows\winsxs\x86_microsoft-windows-mail-app_31bf3856ad364e35_6.1.7601.17514_none_f35f9773adf74c06\WinMail.exe
- C:\Program Files (x86)\Windows Media Player\setup_wm.exe
- C:\Program Files (x86)\Windows Media Player\wmlaunch.exe
- C:\Windows\winsxs\wow64_microsoft-windows-mediaplayer-core_31bf3856ad364e35_6.1.7601.17514_none_73e472e09a1a05d1\wmpconfig.exe
- C:\Program Files (x86)\Windows Media Player\WMPDMC.exe
- C:\Program Files (x86)\Windows Media Player\wmpenc.exe
- C:\Program Files (x86)\Windows Media Player\wmplayer.exe
- C:\Program Files (x86)\Windows Media Player\wmprph.exe
- C:\Program Files (x86)\Windows Media Player\wmpshare.exe
- C:\Program Files (x86)\Windows NT\Accessories\wordpad.exe
- C:\Windows\winsxs\x86_microsoft-windows-i..devicescontrolpanel_31bf3856ad364e35_6.1.7600.16385_none_247621f7aa7542ff\ImagingDevices.exe
- C:\Windows\winsxs\wow64_microsoft-windows-sidebar_31bf3856ad364e35_6.1.7601.17514_none_37575b7e71a86712\sidebar.exe
- C:\Windows\winsxs\amd64_microsoft-windows-b..vironment-servicing_31bf3856ad364e35_6.1.7601.17514_none_843a86a1bc33fcd1\bfsvc.exe
- C:\Windows\winsxs\amd64_microsoft-windows-explorer_31bf3856ad364e35_6.1.7601.17514_none_afdaac81905bf900\explorer.exe
- C:\Windows\winsxs\amd64_microsoft-windows-s..otservicing-utility_31bf3856ad364e35_6.1.7600.16385_none_d139a2cea567ce3f\fveupdate.exe
- C:\Windows\HelpPane.exe
- C:\Windows\winsxs\amd64_microsoft-windows-htmlhelp_31bf3856ad364e35_6.1.7600.16385_none_244ae8599e6d81bb\hh.exe
- C:\Windows\sysnative\notepad.exe
- C:\Windows\winsxs\amd64_microsoft-windows-registry-editor_31bf3856ad364e35_6.1.7600.16385_none_5023a70bf589ad3e\regedit.exe
- C:\Windows\winsxs\amd64_microsoft-windows-p..ng-spooler-splwow64_31bf3856ad364e35_6.1.7601.17514_none_25d05769a8973724\splwow64.exe
- C:\Windows\winsxs\x86_microsoft-windows-w..ion-twaincomponents_31bf3856ad364e35_6.1.7601.17514_none_8b399e33ba72bed9\twunk_16.exe
- C:\Windows\winsxs\x86_microsoft-windows-w..ion-twaincomponents_31bf3856ad364e35_6.1.7601.17514_none_8b399e33ba72bed9\twunk_32.exe
- C:\Windows\winsxs\x86_microsoft-windows-winhstb_31bf3856ad364e35_6.1.7600.16385_none_28dc647c6aba6742\winhlp32.exe
- C:\Windows\sysnative\write.exe
- C:\Windows\winsxs\x86_msbuild_b03f5f7f11d50a3a_3.5.7600.16385_none_8c3cf176a8e91487\MSBuild.exe
- C:\Windows\assembly\GAC_64\MSBuild\3.5.0.0__b03f5f7f11d50a3a\MSBuild.exe
- C:\Windows\winsxs\msil_comsvcconfig_b03f5f7f11d50a3a_6.1.7601.17514_none_bfe4d387913dbb8f\ComSvcConfig.exe
- C:\Windows\assembly\GAC_MSIL\dfsvc\2.0.0.0__b03f5f7f11d50a3a\dfsvc.exe
- C:\Windows\assembly\GAC_MSIL\Narrator\6.1.0.0__31bf3856ad364e35\Narrator.exe
- C:\Windows\sysnative\Narrator.exe
- C:\Windows\winsxs\msil_presentationfontcache_31bf3856ad364e35_6.1.7600.16385_none_0da126f11187fafa\PresentationFontCache.exe
- C:\Windows\winsxs\msil_smsvchost_b03f5f7f11d50a3a_6.1.7601.17514_none_e6b622bd1115139e\SMSvcHost.exe
- C:\Windows\winsxs\msil_wsatconfig_b03f5f7f11d50a3a_6.1.7601.17514_none_dd3a06567424a01b\WsatConfig.exe
- C:\Windows\assembly\NativeImages_v2.0.50727_32\ComSvcConfig\5f1a06c0108b2c81cde1dc491d74043d\ComSvcConfig.ni.exe
- C:\Windows\assembly\NativeImages_v2.0.50727_32\dfsvc\2c3e7fda8de40e45e7f5e004094dc7c9\dfsvc.ni.exe
- C:\Windows\assembly\NativeImages_v2.0.50727_32\MSBuild\af28543d9b3e7d9f110448ecce53cd72\MSBuild.ni.exe
- C:\Windows\assembly\NativeImages_v2.0.50727_32\Narrator\0bae62c3fc6c327ed24989263988173d\Narrator.ni.exe
- C:\Windows\assembly\NativeImages_v2.0.50727_32\PresentationFontCac#\b3ade8d5c0d4bb5d4940bcafd3453642\PresentationFontCache.ni.exe
- C:\Windows\assembly\NativeImages_v2.0.50727_32\SMSvcHost\1bc1ee3c3aa45d28dcf4657bceb2fcb4\SMSvcHost.ni.exe
- C:\Windows\assembly\NativeImages_v2.0.50727_32\WsatConfig\96a8bdafba9f9d3e33cd974bfaa67e58\WsatConfig.ni.exe
- C:\Windows\assembly\NativeImages_v2.0.50727_64\ComSvcConfig\d632b7434f821829827657e23ac98589\ComSvcConfig.ni.exe
- C:\Windows\assembly\NativeImages_v2.0.50727_64\dfsvc\9bc0d921859b039d6e9f642148333949\dfsvc.ni.exe
- C:\Windows\assembly\NativeImages_v2.0.50727_64\MSBuild\1a154709cdfe214029ea88c51ab2b579\MSBuild.ni.exe
- C:\Windows\assembly\NativeImages_v2.0.50727_64\Narrator\4cc02fad33053737088d4c18267ca0a0\Narrator.ni.exe
- C:\Windows\assembly\NativeImages_v2.0.50727_64\PresentationFontCac#\0246845f487e5f33d3564eff578665a3\PresentationFontCache.ni.exe
- C:\Windows\assembly\NativeImages_v2.0.50727_64\SMSvcHost\04d794428d635f6a82ac57dd3d6f3628\SMSvcHost.ni.exe
- C:\Windows\assembly\NativeImages_v2.0.50727_64\WsatConfig\36ca2928b2191011831ab673861c6ac6\WsatConfig.ni.exe
- C:\Windows\winsxs\x86_microsoft-windows-b..re-memorydiagnostic_31bf3856ad364e35_6.1.7601.17514_none_da3cb85562df73c9\memtest.exe
- C:\Windows\winsxs\x86_netfx-netfxsbs10_exe_31bf3856ad364e35_6.1.7601.17514_none_3d9659600c3683e3\NETFXSBS10.exe
- C:\Windows\winsxs\x86_netfx-applaunch_exe_b03f5f7f11d50a3a_6.1.7601.17514_none_99931ad927972550\AppLaunch.exe
- C:\Windows\winsxs\x86_aspnet_compiler_b03f5f7f11d50a3a_6.1.7600.16385_none_ed4e6c0f14dce27e\aspnet_compiler.exe
- C:\Windows\winsxs\x86_aspnet_regbrowsers_b03f5f7f11d50a3a_6.1.7600.16385_none_ddef5417d55eb944\aspnet_regbrowsers.exe
- C:\Windows\winsxs\x86_netfx-aspnet_regiis_exe_b03f5f7f11d50a3a_6.1.7600.16385_none_e6af0acbde467b7b\aspnet_regiis.exe
- C:\Windows\winsxs\x86_aspnet_regsql_b03f5f7f11d50a3a_6.1.7600.16385_none_2461659e78807255\aspnet_regsql.exe
- C:\Windows\winsxs\x86_netfx-aspnet_wp_exe_b03f5f7f11d50a3a_6.1.7601.17514_none_994532c948ec8e69\aspnet_wp.exe
- C:\Windows\Microsoft.NET\Framework\v2.0.50727\CasPol.exe
- C:\Windows\winsxs\x86_netfx-csharp_compiler_csc_b03f5f7f11d50a3a_6.1.7600.16385_none_d2fff1dae966863c\csc.exe
- C:\Windows\winsxs\x86_netfx-cvtres_for_vc_and_vb_b03f5f7f11d50a3a_6.1.7601.17514_none_ba1c770af0b2031b\cvtres.exe
- C:\Windows\winsxs\x86_netfx-dw_b03f5f7f11d50a3a_6.1.7600.16385_none_a223bd3dd785391a\dw20.exe
- C:\Windows\Microsoft.NET\Framework\v2.0.50727\IEExec.exe
- C:\Windows\winsxs\x86_netfx-clr_ilasm_exe_b03f5f7f11d50a3a_6.1.7601.17514_none_d76c81de4a71c338\ilasm.exe
- C:\Windows\winsxs\x86_installutil_b03f5f7f11d50a3a_6.1.7601.17514_none_4fd3f543ddc446fa\InstallUtil.exe
- C:\Windows\Microsoft.NET\Framework\v2.0.50727\jsc.exe
- C:\Windows\winsxs\x86_msbuild_b03f5f7f11d50a3a_6.1.7601.17514_none_558f74866ddb8017\MSBuild.exe
- C:\Windows\Microsoft.NET\Framework\v2.0.50727\mscorsvw.exe
- C:\Windows\Microsoft.NET\Framework\v2.0.50727\ngen.exe
- C:\Windows\winsxs\x86_regasm_b03f5f7f11d50a3a_6.1.7601.17514_none_eb70808bd228319e\RegAsm.exe
- C:\Windows\winsxs\x86_regsvcs_b03f5f7f11d50a3a_6.1.7601.17514_none_be8bab32249b2a4e\RegSvcs.exe
- C:\Windows\Microsoft.NET\Framework\v2.0.50727\vbc.exe
- C:\Windows\Microsoft.NET\Framework\v3.0\Windows Communication Foundation\infocard.exe
- C:\Windows\winsxs\msil_servicemodelreg_b03f5f7f11d50a3a_6.1.7601.17514_none_1f2918adb8a9c100\ServiceModelReg.exe
- C:\Windows\winsxs\x86_wcf-m_sm_cfg_ins_exe_31bf3856ad364e35_6.1.7601.17514_none_0228c5fb7b680376\SMConfigInstaller.exe
- C:\Windows\winsxs\x86_wpf-xamlviewer_31bf3856ad364e35_6.1.7600.16385_none_55e4a2a4de407800\XamlViewer_v0300.exe
- C:\Windows\winsxs\msil_addinprocess_b77a5c561934e089_6.1.7601.17514_none_f9a5b9a7f0e068e4\AddInProcess.exe
- C:\Windows\winsxs\x86_addinprocess32_b77a5c561934e089_6.1.7601.17514_none_83171a284b28fcec\AddInProcess32.exe
- C:\Windows\winsxs\msil_addinutil_b77a5c561934e089_6.1.7601.17514_none_1a816bc7556b71eb\AddInUtil.exe
- C:\Windows\winsxs\x86_netfx35linq-csharp_31bf3856ad364e35_6.1.7601.17514_none_193318f5726bf1d7\csc.exe
- C:\Windows\winsxs\msil_datasvcutil_b77a5c561934e089_6.1.7601.17514_none_cfdc452bbab5ec47\DataSvcUtil.exe
- C:\Windows\winsxs\msil_edmgen_b77a5c561934e089_6.1.7601.17514_none_cddf79f7120d371d\EdmGen.exe
- C:\Windows\winsxs\x86_netfx35linq-vb_compiler_orcas_31bf3856ad364e35_6.1.7601.17514_none_9809be824da2c173\vbc.exe
- C:\Windows\winsxs\x86_netfx35cdf-csd_cdf_installer_31bf3856ad364e35_6.1.7600.16385_none_58326e688d4907c6\WFServicesReg.exe
- C:\Windows\winsxs\amd64_netfx-applaunch_exe_b03f5f7f11d50a3a_6.1.7601.17514_none_51e5e402131afc4a\AppLaunch.exe
- C:\Windows\winsxs\amd64_aspnet_compiler_b03f5f7f11d50a3a_6.1.7600.16385_none_a5a135380060b978\aspnet_compiler.exe
- C:\Windows\winsxs\amd64_aspnet_regbrowsers_b03f5f7f11d50a3a_6.1.7600.16385_none_96421d40c0e2903e\aspnet_regbrowsers.exe
- C:\Windows\winsxs\amd64_netfx-aspnet_regiis_exe_b03f5f7f11d50a3a_6.1.7600.16385_none_9f01d3f4c9ca5275\aspnet_regiis.exe
- C:\Windows\winsxs\amd64_aspnet_regsql_b03f5f7f11d50a3a_6.1.7600.16385_none_dcb42ec76404494f\aspnet_regsql.exe
- C:\Windows\winsxs\amd64_netfx-aspnet_state_exe_b03f5f7f11d50a3a_6.1.7600.16385_none_0df703f36aac2f13\aspnet_state.exe
- C:\Windows\winsxs\amd64_netfx-aspnet_wp_exe_b03f5f7f11d50a3a_6.1.7601.17514_none_5197fbf234706563\aspnet_wp.exe
- C:\Windows\winsxs\amd64_caspol_b03f5f7f11d50a3a_6.1.7601.17514_none_f885d1129806720d\CasPol.exe
- C:\Windows\winsxs\amd64_netfx-csharp_compiler_csc_b03f5f7f11d50a3a_6.1.7600.16385_none_8b52bb03d4ea5d36\csc.exe
- C:\Windows\winsxs\amd64_netfx-cvtres_for_vc_and_vb_b03f5f7f11d50a3a_6.1.7601.17514_none_726f4033dc35da15\cvtres.exe
- C:\Windows\winsxs\amd64_netfx-dfsvc_b03f5f7f11d50a3a_6.1.7600.16385_none_96dbb959ba7c7a79\dfsvc.exe
- C:\Windows\winsxs\amd64_netfx-dw_b03f5f7f11d50a3a_6.1.7600.16385_none_5a768666c3091014\dw20.exe
- C:\Windows\winsxs\amd64_netfx-ieexec_b03f5f7f11d50a3a_6.1.7600.16385_none_7dfc94f7357c56d2\IEExec.exe
- C:\Windows\winsxs\amd64_netfx-clr_ilasm_exe_b03f5f7f11d50a3a_6.1.7601.17514_none_8fbf4b0735f59a32\ilasm.exe
- C:\Windows\winsxs\amd64_installutil_b03f5f7f11d50a3a_6.1.7601.17514_none_0826be6cc9481df4\InstallUtil.exe
- C:\Windows\winsxs\amd64_netfx-jsc_b03f5f7f11d50a3a_6.1.7600.16385_none_14e6e9dab736481d\jsc.exe
- C:\Windows\winsxs\amd64_netfx-ldr64_exe_31bf3856ad364e35_6.1.7600.16385_none_f98e4869675ab367\Ldr64.exe
- C:\Windows\winsxs\amd64_msbuild_b03f5f7f11d50a3a_6.1.7601.17514_none_0de23daf595f5711\MSBuild.exe
- C:\Windows\winsxs\amd64_netfx-mscorsvw_exe_b03f5f7f11d50a3a_6.1.7600.16385_none_acd03d9b9048bd78\mscorsvw.exe
- C:\Windows\winsxs\amd64_netfx-ngen_exe_b03f5f7f11d50a3a_6.1.7601.17514_none_046c078df2caf5d8\ngen.exe
- C:\Windows\winsxs\amd64_regasm_b03f5f7f11d50a3a_6.1.7601.17514_none_a3c349b4bdac0898\RegAsm.exe
- C:\Windows\winsxs\amd64_regsvcs_b03f5f7f11d50a3a_6.1.7601.17514_none_76de745b101f0148\RegSvcs.exe
- C:\Windows\winsxs\amd64_netfx-vb_compiler_b03f5f7f11d50a3a_6.1.7601.17514_none_cc9e34fd4e687b15\vbc.exe
- C:\Windows\winsxs\amd64_wcf-comsvcconfig_b03f5f7f11d50a3a_6.1.7601.17514_none_52db65a773b633fd\ComSvcConfig.exe
- C:\Windows\winsxs\amd64_infocard_b77a5c561934e089_6.1.7601.17514_none_583a8c60c0b305a1\infocard.exe
- C:\Windows\winsxs\amd64_wcf-servicemodelreg_b03f5f7f11d50a3a_6.1.7601.17514_none_40fc6e6d1b4ea992\ServiceModelReg.exe
- C:\Windows\winsxs\amd64_wcf-m_sm_cfg_ins_exe_31bf3856ad364e35_6.1.7601.17514_none_5e47617f33c574ac\SMConfigInstaller.exe
- C:\Windows\winsxs\amd64_wcf-smsvchost_b03f5f7f11d50a3a_6.1.7600.16385_none_c7f13af70ac77b22\SMSvcHost.exe
- C:\Windows\winsxs\amd64_wcf-wsatconfig_b03f5f7f11d50a3a_6.1.7601.17514_none_d7ce65f32404434b\WsatConfig.exe
- C:\Windows\winsxs\amd64_wpf-presentationfontcache_31bf3856ad364e35_6.1.7601.17514_none_63bf9c3e28cd9bfb\PresentationFontCache.exe
- C:\Windows\winsxs\amd64_wpf-xamlviewer_31bf3856ad364e35_6.1.7601.17514_none_b43451f0938c6cd0\XamlViewer_v0300.exe
- C:\Windows\winsxs\amd64_netfx35linq-addinprocess_31bf3856ad364e35_6.1.7601.17514_none_8ebd3037635a8b2f\AddInProcess.exe
- C:\Windows\winsxs\amd64_addinprocess32_b77a5c561934e089_6.1.7601.17514_none_df35b5ac03866e22\AddInProcess32.exe
- C:\Windows\winsxs\amd64_netfx35linq-addinutil_31bf3856ad364e35_6.1.7601.17514_none_29443e96f9fb6564\AddInUtil.exe
- C:\Windows\Microsoft.NET\Framework64\v3.5\csc.exe
- C:\Windows\winsxs\amd64_netfx35linq-datasvcutil_31bf3856ad364e35_6.1.7601.17514_none_ed7ce39bb395c4e0\DataSvcUtil.exe
- C:\Windows\Microsoft.NET\Framework64\v3.5\EdmGen.exe
- C:\Windows\Microsoft.NET\Framework64\v3.5\vbc.exe
- C:\Windows\winsxs\amd64_netfx35cdf-csd_cdf_installer_31bf3856ad364e35_6.1.7600.16385_none_b45109ec45a678fc\WFServicesReg.exe
- C:\Windows\winsxs\amd64_microsoft-windows-trustedinstaller_31bf3856ad364e35_6.1.7601.17514_none_ef3338f363c6403c\TrustedInstaller.exe
- C:\Windows\winsxs\amd64_microsoft-windows-i..rnational-timezones_31bf3856ad364e35_6.1.7601.17514_none_736d5be520319b24\tzupd.exe
- C:\Users\test\AppData\Local\Temp\svchost.exe
- C:\Program Files (x86)\WinSCP\unins000.exe
- C:\Program Files (x86)\WinSCP\WinSCP.exe
- C:\Program Files (x86)\WinSCP\PuTTY\pageant.exe
- C:\Program Files (x86)\WinSCP\PuTTY\puttygen.exe
- C:\Windows\sysnative\UnRAR.exe
- C:\Python27\w9xpopen.exe
- C:\Windows\assembly\GAC_64
- C:\Windows\assembly\GAC_64\mscorlib.resources
- C:\Windows\assembly\GAC_32
- C:\Windows\assembly\GAC_32\mscorlib.resources
- C:\Windows\assembly\GAC_MSIL
- C:\Windows\assembly\GAC_MSIL\mscorlib.resources
- C:\Windows\assembly\GAC_MSIL\mscorlib.resources\*
- C:\Windows\assembly\GAC_MSIL\mscorlib.resources\2.0.0.0_zh-CHS_b77a5c561934e089\mscorlib.resources.dll
- C:\Windows\assembly\GAC
- C:\Windows\assembly\GAC\mscorlib.resources
- C:\Windows\Microsoft.Net\assembly\GAC_64
- C:\Windows\Microsoft.Net\assembly\GAC_64\mscorlib.resources
- C:\Windows\Microsoft.Net\assembly\GAC_32
- C:\Windows\Microsoft.Net\assembly\GAC_32\mscorlib.resources
- C:\Windows\Microsoft.Net\assembly\GAC_MSIL
- C:\Windows\Microsoft.Net\assembly\GAC_MSIL\mscorlib.resources
- C:\Windows\Microsoft.Net\assembly\GAC_MSIL\mscorlib.resources\*
- C:\Windows\Microsoft.Net\assembly\GAC_MSIL\mscorlib.resources\v4.0_4.0.0.0_zh-Hans_b77a5c561934e089\mscorlib.resources.dll
- C:\Windows\Microsoft.Net\assembly\GAC
- C:\Windows\Microsoft.Net\assembly\GAC_64\mscorlib.resources\v4.0_4.0.0.0_zh-Hans_b77a5c561934e089\mscorlib.resources.dll
- C:\Windows\assembly\NativeImages_v4.0.30319_64\mscorlib.resources\*
- C:\Windows\Microsoft.Net\assembly\GAC_MSIL\mscorlib.resources\v4.0_4.0.0.0_zh-Hans_b77a5c561934e089\mscorlib.resources.INI
- C:\Python27\python.exe
- C:\Python27\pythonw.exe
- C:\Windows\Speech\Common\sapisvr.exe
- C:\Windows\winsxs\amd64_microsoft-windows-adaptertroubleshooter_31bf3856ad364e35_6.1.7600.16385_none_2df6395b9cf7e9a5\AdapterTroubleshooter.exe
- C:\Windows\sysnative\aitagent.exe
- C:\Windows\sysnative\alg.exe
- C:\Windows\winsxs\amd64_microsoft-windows-appid_31bf3856ad364e35_6.1.7601.17514_none_b57215bac8c6d647\appidcertstorecheck.exe
- C:\Windows\winsxs\amd64_microsoft-windows-appid_31bf3856ad364e35_6.1.7601.17514_none_b57215bac8c6d647\appidpolicyconverter.exe
- C:\Windows\sysnative\at.exe
- C:\Windows\sysnative\AtBroker.exe
- C:\Windows\sysnative\attrib.exe
- C:\Windows\sysnative\audiodg.exe
- C:\Windows\sysnative\auditpol.exe
- C:\Windows\sysnative\autochk.exe
- C:\Windows\sysnative\autoconv.exe
- C:\Windows\sysnative\autofmt.exe
- C:\Windows\sysnative\AxInstUI.exe
- C:\Windows\sysnative\bcdboot.exe
- C:\Windows\sysnative\bcdedit.exe
- C:\Windows\sysnative\BdeUISrv.exe
- C:\Windows\winsxs\amd64_microsoft-windows-s..estartup-fverecover_31bf3856ad364e35_6.1.7600.16385_none_ab0552bceeca5a61\BdeUnlockWizard.exe
- C:\Windows\winsxs\amd64_microsoft-windows-bits-bitsadmin_31bf3856ad364e35_6.1.7601.17514_none_ab379671230b963f\bitsadmin.exe
- C:\Windows\sysnative\bootcfg.exe
- C:\Windows\winsxs\amd64_microsoft-windows-networkbridge_31bf3856ad364e35_6.1.7600.16385_none_63dee2821fc69fce\bridgeunattend.exe
- C:\Windows\winsxs\amd64_microsoft-windows-bth-user_31bf3856ad364e35_6.1.7601.17514_none_c33f455aebcd9dbb\bthudtask.exe
- C:\Windows\sysnative\cacls.exe
- C:\Windows\sysnative\calc.exe
- C:\Windows\winsxs\amd64_microsoft-windows-x..rtificateenrollment_31bf3856ad364e35_6.1.7601.17514_none_51bcbc61a5466a58\CertEnrollCtrl.exe
- C:\Windows\sysnative\certreq.exe
- C:\Windows\sysnative\certutil.exe
- C:\Windows\sysnative\charmap.exe
- C:\Windows\sysnative\chkdsk.exe
- C:\Windows\sysnative\chkntfs.exe
- C:\Windows\sysnative\choice.exe
- C:\Windows\sysnative\cipher.exe
- C:\Windows\sysnative\cleanmgr.exe
- C:\Windows\sysnative\cliconfg.exe
- C:\Windows\sysnative\clip.exe
- C:\Windows\sysnative\cmd.exe
- C:\Windows\winsxs\amd64_microsoft-windows-s..line-user-interface_31bf3856ad364e35_6.1.7600.16385_none_38dc646bf68909f4\cmdkey.exe
- C:\Windows\sysnative\cmdl32.exe
- C:\Windows\sysnative\cmmon32.exe
- C:\Windows\sysnative\cmstp.exe
- C:\Windows\sysnative\cofire.exe
- C:\Windows\sysnative\colorcpl.exe
- C:\Windows\sysnative\comp.exe
- C:\Windows\sysnative\compact.exe
- C:\Windows\winsxs\amd64_microsoft-windows-c..utermanagerlauncher_31bf3856ad364e35_6.1.7600.16385_none_ea0a643b0e032c19\CompMgmtLauncher.exe
- C:\Windows\winsxs\amd64_microsoft-windows-computerdefaults_31bf3856ad364e35_6.1.7600.16385_none_626b9352dcfa715c\ComputerDefaults.exe
- C:\Windows\sysnative\conhost.exe
- C:\Windows\sysnative\consent.exe
- C:\Windows\sysnative\control.exe
- C:\Windows\sysnative\convert.exe
- C:\Windows\sysnative\credwiz.exe
- C:\Windows\sysnative\cscript.exe
- C:\Windows\sysnative\csrss.exe
- C:\Windows\sysnative\ctfmon.exe
- C:\Windows\sysnative\cttune.exe
- C:\Windows\winsxs\amd64_microsoft-windows-cttunesvr_31bf3856ad364e35_6.1.7600.16385_none_4befc8eb38093bb1\cttunesvr.exe
- C:\Windows\sysnative\dccw.exe
- C:\Windows\sysnative\dcomcnfg.exe
- C:\Windows\winsxs\amd64_microsoft-windows-ddodiag_31bf3856ad364e35_6.1.7600.16385_none_924b83b9b69fb351\ddodiag.exe
- C:\Windows\sysnative\Defrag.exe
- C:\Windows\winsxs\amd64_microsoft-windows-fdddo_31bf3856ad364e35_6.1.7600.16385_none_b0de2afe4ca7a1e2\DeviceDisplayObjectProvider.exe
- C:\Windows\winsxs\amd64_microsoft-windows-pnphotplugui_31bf3856ad364e35_6.1.7600.16385_none_44d62330646f757a\DeviceEject.exe
- C:\Windows\winsxs\amd64_microsoft-windows-devicepairingapp_31bf3856ad364e35_6.1.7600.16385_none_cb9353551bbd8ed8\DevicePairingWizard.exe
- C:\Windows\winsxs\amd64_microsoft-windows-deviceproperties_31bf3856ad364e35_6.1.7600.16385_none_463f54aa539a0b62\DeviceProperties.exe
- C:\Windows\sysnative\DFDWiz.exe
- C:\Windows\sysnative\dfrgui.exe
- C:\Windows\sysnative\dialer.exe
- C:\Windows\sysnative\diantz.exe
- C:\Windows\sysnative\dinotify.exe
- C:\Windows\sysnative\diskpart.exe
- C:\Windows\sysnative\diskperf.exe
- C:\Windows\sysnative\diskraid.exe
- C:\Windows\sysnative\Dism.exe
- C:\Windows\sysnative\dispdiag.exe
- C:\Windows\winsxs\amd64_microsoft-windows-displayswitch_31bf3856ad364e35_6.1.7600.16385_none_48b6a2a03e2c7b21\DisplaySwitch.exe
- C:\Windows\sysnative\djoin.exe
- C:\Windows\sysnative\dllhost.exe
- C:\Windows\sysnative\dllhst3g.exe
- C:\Windows\winsxs\amd64_microsoft-windows-dns-client_31bf3856ad364e35_6.1.7601.17514_none_4008824c98f8edac\dnscacheugc.exe
- C:\Windows\sysnative\doskey.exe
- C:\Windows\sysnative\dpapimig.exe
- C:\Windows\winsxs\amd64_microsoft-windows-dpiscaling_31bf3856ad364e35_6.1.7600.16385_none_d63cc4dd74a11d0b\DpiScaling.exe
- C:\Windows\sysnative\dpnsvr.exe
- C:\Windows\winsxs\amd64_microsoft-windows-driverquery_31bf3856ad364e35_6.1.7600.16385_none_f217bd1caebaa683\driverquery.exe
- C:\Windows\sysnative\drvinst.exe
- C:\Windows\sysnative\dvdplay.exe
- C:\Windows\sysnative\dvdupgrd.exe
- C:\Windows\sysnative\dwm.exe
- C:\Windows\sysnative\dxdiag.exe
- C:\Windows\winsxs\amd64_microsoft-windows-dxp-deviceexperience_31bf3856ad364e35_6.1.7601.17514_none_a54b31331066c8e2\Dxpserver.exe
- C:\Windows\sysnative\Eap3Host.exe
- C:\Windows\sysnative\efsui.exe
- C:\Windows\winsxs\amd64_microsoft-windows-es-authentication_31bf3856ad364e35_6.1.7600.16385_none_9db1ae483049e160\EhStorAuthn.exe
- C:\Windows\sysnative\esentutl.exe
- C:\Windows\sysnative\eudcedit.exe
- C:\Windows\winsxs\amd64_microsoft-windows-eventcreate_31bf3856ad364e35_6.1.7600.16385_none_3157c24b5944e2a3\eventcreate.exe
- C:\Windows\sysnative\eventvwr.exe
- C:\Windows\sysnative\expand.exe
- C:\Windows\sysnative\extrac32.exe
- C:\Windows\sysnative\fc.exe
- C:\Windows\sysnative\find.exe
- C:\Windows\sysnative\findstr.exe
- C:\Windows\sysnative\finger.exe
- C:\Windows\winsxs\amd64_microsoft-windows-mapi_31bf3856ad364e35_6.1.7601.17514_none_097346be305f3966\fixmapi.exe
- C:\Windows\sysnative\fltMC.exe
- C:\Windows\sysnative\fontview.exe
- C:\Windows\sysnative\forfiles.exe
- C:\Windows\sysnative\fsutil.exe
- C:\Windows\sysnative\ftp.exe
- C:\Windows\winsxs\amd64_microsoft-windows-securestartup-notify_31bf3856ad364e35_6.1.7600.16385_none_78e75d04c1b0c873\fvenotify.exe
- C:\Windows\winsxs\amd64_microsoft-windows-securestartup-prompt_31bf3856ad364e35_6.1.7600.16385_none_4c045ec8fda52d34\fveprompt.exe
- C:\Windows\sysnative\FXSCOVER.exe
- C:\Windows\sysnative\FXSSVC.exe
- C:\Windows\sysnative\FXSUNATD.exe
- C:\Windows\sysnative\getmac.exe
- C:\Windows\winsxs\amd64_microsoft-windows-gettingstarted_31bf3856ad364e35_6.1.7600.16385_none_dc7256ed0ded6c12\GettingStarted.exe
- C:\Windows\sysnative\gpresult.exe
- C:\Windows\sysnative\gpupdate.exe
- C:\Windows\sysnative\grpconv.exe
- C:\Windows\sysnative\hdwwiz.exe
- C:\Windows\sysnative\help.exe
- C:\Windows\sysnative\icacls.exe
- C:\Windows\sysnative\icardagt.exe
- C:\Windows\winsxs\amd64_microsoft-windows-sharedaccess_31bf3856ad364e35_6.1.7600.16385_none_60c2504d62fd4f0e\icsunattend.exe
- C:\Windows\sysnative\ie4uinit.exe
- C:\Windows\sysnative\ieUnatt.exe
- C:\Windows\sysnative\iexpress.exe
- C:\Windows\winsxs\amd64_microsoft-windows-infdefaultinstall_31bf3856ad364e35_6.1.7600.16385_none_c8897566b5c070a0\InfDefaultInstall.exe
- C:\Windows\sysnative\ipconfig.exe
- C:\Windows\sysnative\irftp.exe
- C:\Windows\sysnative\iscsicli.exe
- C:\Windows\sysnative\iscsicpl.exe
- C:\Windows\sysnative\isoburn.exe
- C:\Windows\sysnative\klist.exe
- C:\Windows\sysnative\ksetup.exe
- C:\Windows\sysnative\ktmutil.exe
- C:\Windows\sysnative\label.exe
- C:\Windows\winsxs\amd64_microsoft-windows-m..cationnotifications_31bf3856ad364e35_6.1.7600.16385_none_737951ab23cf8ea0\LocationNotifications.exe
- C:\Windows\sysnative\Locator.exe
- C:\Windows\sysnative\lodctr.exe
- C:\Windows\sysnative\logagent.exe
- C:\Windows\sysnative\logman.exe
- C:\Windows\sysnative\LogonUI.exe
- C:\Windows\sysnative\lpksetup.exe
- C:\Windows\sysnative\lpremove.exe
- C:\Windows\sysnative\lsass.exe
- C:\Windows\sysnative\lsm.exe
- C:\Windows\sysnative\Magnify.exe
- C:\Windows\winsxs\amd64_microsoft-windows-makecab_31bf3856ad364e35_6.1.7600.16385_none_4cc4738d82efdf85\makecab.exe
- C:\Windows\winsxs\amd64_microsoft-windows-securestartup-tool-exe_31bf3856ad364e35_6.1.7601.17514_none_5840c326cdf5dca9\manage-bde.exe
- C:\Windows\sysnative\mblctr.exe
- C:\Windows\winsxs\amd64_microsoft-windows-muicachebuilder_31bf3856ad364e35_6.1.7601.17514_none_7832a1aacb77df29\mcbuilder.exe
- C:\Windows\sysnative\mctadmin.exe
- C:\Windows\sysnative\MdRes.exe
- C:\Windows\sysnative\MdSched.exe
- C:\Windows\sysnative\mfpmp.exe
- C:\Windows\winsxs\amd64_microsoft-windows-m..onwizardapplication_31bf3856ad364e35_6.1.7601.17514_none_18a11c58aaf4d08c\MigAutoPlay.exe
- C:\Windows\sysnative\mmc.exe
- C:\Windows\sysnative\mobsync.exe
- C:\Windows\sysnative\mountvol.exe
- C:\Windows\sysnative\mpnotify.exe
- C:\Windows\sysnative\MpSigStub.exe
- C:\Windows\sysnative\msconfig.exe
- C:\Windows\sysnative\msdt.exe
- C:\Windows\sysnative\msdtc.exe
- C:\Windows\winsxs\amd64_microsoft-windows-ie-feedsbs_31bf3856ad364e35_8.0.7601.17514_none_752e3bb068638683\msfeedssync.exe
- C:\Windows\sysnative\mshta.exe
- C:\Windows\sysnative\msiexec.exe
- C:\Windows\sysnative\mspaint.exe
- C:\Windows\sysnative\msra.exe
- C:\Windows\sysnative\mstsc.exe
- C:\Windows\sysnative\mtstocom.exe
- C:\Windows\winsxs\amd64_microsoft-windows-international-core_31bf3856ad364e35_6.1.7600.16385_none_459f562ff37206dd\MuiUnattend.exe
- C:\Windows\winsxs\amd64_microsoft-windows-tabletpc-controlpanel_31bf3856ad364e35_6.1.7601.17514_none_3d9977977190cdc4\MultiDigiMon.exe
- C:\Windows\sysnative\nbtstat.exe
- C:\Windows\sysnative\ndadmin.exe
- C:\Windows\sysnative\net.exe
- C:\Windows\sysnative\net1.exe
- C:\Windows\sysnative\netbtugc.exe
- C:\Windows\sysnative\netcfg.exe
- C:\Windows\sysnative\netiougc.exe
- C:\Windows\sysnative\Netplwiz.exe
- C:\Windows\sysnative\netsh.exe
- C:\Windows\sysnative\newdev.exe
- C:\Windows\sysnative\nltest.exe
- C:\Windows\sysnative\nslookup.exe
- C:\Windows\sysnative\ntoskrnl.exe
- C:\Windows\sysnative\ntprint.exe
- C:\Windows\sysnative\ocsetup.exe
- C:\Windows\sysnative\odbcad32.exe
- C:\Windows\sysnative\odbcconf.exe
- C:\Windows\winsxs\amd64_microsoft-windows-openfiles_31bf3856ad364e35_6.1.7600.16385_none_431b58a8041530aa\openfiles.exe
- C:\Windows\winsxs\amd64_microsoft-windows-optionalfeatures_31bf3856ad364e35_6.1.7600.16385_none_c25bebf1075ff6aa\OptionalFeatures.exe
- C:\Windows\sysnative\osk.exe
- C:\Windows\sysnative\p2phost.exe
- C:\Windows\sysnative\pcalua.exe
- C:\Windows\sysnative\pcaui.exe
- C:\Windows\sysnative\pcawrk.exe
- C:\Windows\sysnative\pcwrun.exe
- C:\Windows\sysnative\perfmon.exe
- C:\Windows\winsxs\amd64_microsoft-windows-servicingstack_31bf3856ad364e35_6.1.7601.17514_none_678566b7ddea04a5\PkgMgr.exe
- C:\Windows\sysnative\PkgMgr.exe
- C:\Windows\sysnative\plasrv.exe
- C:\Windows\winsxs\amd64_microsoft-windows-p..tomizationsnonwinpe_31bf3856ad364e35_6.1.7601.17514_none_29f4eed2a5d64c25\PnPUnattend.exe
- C:\Windows\sysnative\PnPutil.exe
- C:\Windows\winsxs\amd64_microsoft-windows-servicingstack_31bf3856ad364e35_6.1.7600.16385_none_655452efe0fb810b\poqexec.exe
- C:\Windows\sysnative\poqexec.exe
- C:\Windows\sysnative\powercfg.exe
- C:\Windows\winsxs\amd64_wpf-presentationhostexe_31bf3856ad364e35_6.2.7601.17514_none_96490604d588c19b\PresentationHost.exe
- C:\Windows\winsxs\amd64_microsoft-windows-shell-previewhost_31bf3856ad364e35_6.1.7601.17514_none_a1636a92177e3020\prevhost.exe
- C:\Windows\sysnative\print.exe
- C:\Windows\winsxs\amd64_microsoft-windows-p..oler-filterpipeline_31bf3856ad364e35_6.1.7600.16385_none_87a28b30f517e40e\printfilterpipelinesvc.exe
- C:\Windows\winsxs\amd64_microsoft-windows-p..ng-server-isolation_31bf3856ad364e35_6.1.7600.16385_none_f8a40495785334a9\PrintIsolationHost.exe
- C:\Windows\winsxs\amd64_microsoft-windows-p..installerandprintui_31bf3856ad364e35_6.1.7601.17514_none_347a450f0c8bd52d\printui.exe
- C:\Windows\sysnative\proquota.exe
- C:\Windows\sysnative\psr.exe
- C:\Windows\sysnative\rasautou.exe
- C:\Windows\sysnative\rasdial.exe
- C:\Windows\winsxs\amd64_microsoft-windows-r..sistance-dcomserver_31bf3856ad364e35_6.1.7600.16385_none_8be8919a8f43b3f6\raserver.exe
- C:\Windows\sysnative\rasphone.exe
- C:\Windows\winsxs\amd64_microsoft-windows-r..eak-diagnostic-core_31bf3856ad364e35_6.1.7600.16385_none_b70694aa97134f37\rdrleakdiag.exe
- C:\Windows\sysnative\ReAgentc.exe
- C:\Windows\sysnative\recdisc.exe
- C:\Windows\sysnative\recover.exe
- C:\Windows\sysnative\reg.exe
- C:\Windows\sysnative\regedt32.exe
- C:\Windows\sysnative\regini.exe
- C:\Windows\winsxs\amd64_microsoft-windows-ie-gc-registeriepkeys_31bf3856ad364e35_8.0.7601.17514_none_a0c922c3b170dd5d\RegisterIEPKEYs.exe
- C:\Windows\sysnative\regsvr32.exe
- C:\Windows\sysnative\rekeywiz.exe
- C:\Windows\sysnative\relog.exe
- C:\Windows\sysnative\RelPost.exe
- C:\Windows\winsxs\amd64_microsoft-windows-s..restartup-repairbde_31bf3856ad364e35_6.1.7601.17514_none_301a46c726a4cdc6\repair-bde.exe
- C:\Windows\sysnative\replace.exe
- C:\Windows\sysnative\resmon.exe
- C:\Windows\winsxs\amd64_microsoft-windows-s..sor-native-whitebox_31bf3856ad364e35_6.1.7601.17514_none_ff1b74d24817a82b\RMActivate.exe
- C:\Windows\winsxs\amd64_microsoft-windows-s..native-whitebox-isv_31bf3856ad364e35_6.1.7601.17514_none_4777e36e0649406c\RMActivate_isv.exe
- C:\Windows\winsxs\amd64_microsoft-windows-s..or-native-serverbox_31bf3856ad364e35_6.1.7601.17514_none_cde4c4fd7ab159cb\RMActivate_ssp.exe
- C:\Windows\winsxs\amd64_microsoft-windows-s..ative-serverbox-isv_31bf3856ad364e35_6.1.7601.17514_none_533cd4f8150e6a86\RMActivate_ssp_isv.exe
- C:\Windows\sysnative\RmClient.exe
- C:\Windows\sysnative\Robocopy.exe
- C:\Windows\sysnative\RpcPing.exe
- C:\Windows\winsxs\amd64_microsoft-windows-mediafoundation_31bf3856ad364e35_6.1.7601.17514_none_fa8534ab236134c4\rrinstaller.exe
- C:\Windows\sysnative\rstrui.exe
- C:\Windows\sysnative\runas.exe
- C:\Windows\sysnative\rundll32.exe
- C:\Windows\winsxs\amd64_microsoft-windows-runlegacycplelevated_31bf3856ad364e35_6.1.7600.16385_none_6d0100c50efddc3c\RunLegacyCPLElevated.exe
- C:\Windows\sysnative\runonce.exe
- C:\Windows\winsxs\amd64_microsoft-windows-sidebar_31bf3856ad364e35_6.1.7601.17514_none_2d02b12c3d47a517\sbunattend.exe
- C:\Windows\winsxs\amd64_microsoft-windows-s..llercommandlinetool_31bf3856ad364e35_6.1.7600.16385_none_d0632cbfee5db937\sc.exe
- C:\Windows\sysnative\schtasks.exe
- C:\Windows\sysnative\sdbinst.exe
- C:\Windows\sysnative\sdchange.exe
- C:\Windows\sysnative\sdclt.exe
- C:\Windows\winsxs\amd64_microsoft-windows-s..csengine-nativehost_31bf3856ad364e35_6.1.7600.16385_none_761ad65676427bd9\sdiagnhost.exe
- C:\Windows\winsxs\amd64_windowssearchengine_31bf3856ad364e35_7.0.7601.17514_none_d18028273214fa77\SearchFilterHost.exe
- C:\Windows\winsxs\amd64_windowssearchengine_31bf3856ad364e35_7.0.7601.17514_none_d18028273214fa77\SearchIndexer.exe
- C:\Windows\winsxs\amd64_windowssearchengine_31bf3856ad364e35_7.0.7601.17514_none_d18028273214fa77\SearchProtocolHost.exe
- C:\Windows\sysnative\SecEdit.exe
- C:\Windows\sysnative\secinit.exe
- C:\Windows\sysnative\services.exe
- C:\Windows\sysnative\sethc.exe
- C:\Windows\winsxs\amd64_microsoft-windows-i..-setieinstalleddate_31bf3856ad364e35_8.0.7600.16385_none_7f263a8951bc5a48\SetIEInstalledDate.exe
- C:\Windows\sysnative\setspn.exe
- C:\Windows\sysnative\setupcl.exe
- C:\Windows\sysnative\setupugc.exe
- C:\Windows\sysnative\setx.exe
- C:\Windows\sysnative\sfc.exe
- C:\Windows\sysnative\shrpubw.exe
- C:\Windows\sysnative\shutdown.exe
- C:\Windows\sysnative\sigverif.exe
- C:\Windows\sysnative\slui.exe
- C:\Windows\sysnative\smss.exe
- C:\Windows\sysnative\SndVol.exe
- C:\Windows\sysnative\snmptrap.exe
- C:\Windows\sysnative\sort.exe
- C:\Windows\winsxs\amd64_microsoft-windows-soundrecorder_31bf3856ad364e35_6.1.7601.17514_none_fd2f4b124982e400\SoundRecorder.exe
- C:\Windows\winsxs\amd64_microsoft-windows-servicepackcoordinator_31bf3856ad364e35_6.1.7601.17514_none_92e727843e307e1b\spinstall.exe
- C:\Windows\sysnative\spoolsv.exe
- C:\Windows\sysnative\sppsvc.exe
- C:\Windows\sysnative\spreview.exe
- C:\Windows\winsxs\amd64_microsoft-windows-srdelayed_31bf3856ad364e35_6.1.7600.16385_none_b252497a75d8a174\srdelayed.exe
- C:\Windows\sysnative\subst.exe
- C:\Windows\sysnative\svchost.exe
- C:\Windows\sysnative\sxstrace.exe
- C:\Windows\sysnative\SyncHost.exe
- C:\Windows\sysnative\syskey.exe
- C:\Windows\winsxs\amd64_microsoft-windows-sysinfo_31bf3856ad364e35_6.1.7600.16385_none_4b49a2c2123fd42c\systeminfo.exe
- C:\Windows\winsxs\amd64_microsoft-windows-s..mpropertiesadvanced_31bf3856ad364e35_6.1.7600.16385_none_533d797efdf7728b\SystemPropertiesAdvanced.exe
- C:\Windows\winsxs\amd64_microsoft-windows-s..pertiescomputername_31bf3856ad364e35_6.1.7600.16385_none_8c6823f855ef04a5\SystemPropertiesComputerName.exe
- C:\Windows\winsxs\amd64_microsoft-windows-s..executionprevention_31bf3856ad364e35_6.1.7600.16385_none_25d85b4a3e4a7709\SystemPropertiesDataExecutionPrevention.exe
- C:\Windows\winsxs\amd64_microsoft-windows-s..mpropertieshardware_31bf3856ad364e35_6.1.7600.16385_none_9cef76e6ecab612f\SystemPropertiesHardware.exe
- C:\Windows\winsxs\amd64_microsoft-windows-s..opertiesperformance_31bf3856ad364e35_6.1.7600.16385_none_b6cb9ed71c8b43d5\SystemPropertiesPerformance.exe
- C:\Windows\winsxs\amd64_microsoft-windows-s..ropertiesprotection_31bf3856ad364e35_6.1.7600.16385_none_bfa748753634ba48\SystemPropertiesProtection.exe
- C:\Windows\winsxs\amd64_microsoft-windows-systempropertiesremote_31bf3856ad364e35_6.1.7600.16385_none_f0ca3430257ea13f\SystemPropertiesRemote.exe
- C:\Windows\sysnative\systray.exe
- C:\Windows\sysnative\tabcal.exe
- C:\Windows\sysnative\takeown.exe
- C:\Windows\winsxs\amd64_microsoft-windows-tapisetup_31bf3856ad364e35_6.1.7600.16385_none_c5e81c6ab4db0c88\TapiUnattend.exe
- C:\Windows\sysnative\taskeng.exe
- C:\Windows\sysnative\taskhost.exe
- C:\Windows\sysnative\taskkill.exe
- C:\Windows\sysnative\tasklist.exe
- C:\Windows\sysnative\taskmgr.exe
- C:\Windows\sysnative\tcmsetup.exe
- C:\Windows\sysnative\timeout.exe
- C:\Windows\sysnative\TpmInit.exe
- C:\Windows\sysnative\tracerpt.exe
- C:\Windows\sysnative\TSTheme.exe
- C:\Windows\winsxs\amd64_microsoft-windows-r..s-regkeys-component_31bf3856ad364e35_6.1.7601.17514_none_7df14b591094e7ec\TsUsbRedirectionGroupPolicyControl.exe
- C:\Windows\sysnative\TSWbPrxy.exe
- C:\Windows\sysnative\TsWpfWrp.exe
- C:\Windows\sysnative\typeperf.exe
- C:\Windows\sysnative\tzutil.exe
- C:\Windows\sysnative\ucsvc.exe
- C:\Windows\winsxs\amd64_microsoft-windows-session0viewer_31bf3856ad364e35_6.1.7600.16385_none_3ddbd9a9605f0519\UI0Detect.exe
- C:\Windows\sysnative\unlodctr.exe
- C:\Windows\sysnative\unregmp2.exe
- C:\Windows\sysnative\upnpcont.exe
- C:\Windows\winsxs\amd64_microsoft-windows-u..ountcontrolsettings_31bf3856ad364e35_6.1.7601.17514_none_e1cb175aef3b13bb\UserAccountControlSettings.exe
- C:\Windows\sysnative\userinit.exe
- C:\Windows\sysnative\Utilman.exe
- C:\Windows\sysnative\VaultCmd.exe
- C:\Windows\winsxs\amd64_microsoft-windows-security-vault_31bf3856ad364e35_6.1.7600.16385_none_4d5e025e54ba15f8\VaultSysUi.exe
- C:\Windows\sysnative\vds.exe
- C:\Windows\sysnative\vdsldr.exe
- C:\Windows\sysnative\verclsid.exe
- C:\Windows\sysnative\verifier.exe
- C:\Windows\sysnative\vssadmin.exe
- C:\Windows\sysnative\VSSVC.exe
- C:\Windows\sysnative\w32tm.exe
- C:\Windows\sysnative\waitfor.exe
- C:\Windows\sysnative\wbadmin.exe
- C:\Windows\sysnative\wbengine.exe
- C:\Windows\sysnative\wecutil.exe
- C:\Windows\sysnative\WerFault.exe
- C:\Windows\winsxs\amd64_microsoft-windows-errorreportingfaults_31bf3856ad364e35_6.1.7601.17514_none_ce2d22115368db7a\WerFaultSecure.exe
- C:\Windows\sysnative\wermgr.exe
- C:\Windows\sysnative\wevtutil.exe
- C:\Windows\sysnative\wextract.exe
- C:\Windows\sysnative\WFS.exe
- C:\Windows\sysnative\where.exe
- C:\Windows\sysnative\whoami.exe
- C:\Windows\sysnative\wiaacmgr.exe
- C:\Windows\sysnative\wiawow64.exe
- C:\Windows\sysnative\wimserv.exe
- C:\Windows\winsxs\amd64_microsoft-windows-a..ime-upgrade-results_31bf3856ad364e35_6.1.7601.17514_none_21de7e134213566a\WindowsAnytimeUpgradeResults.exe
- C:\Windows\sysnative\wininit.exe
- C:\Windows\sysnative\winload.exe
- C:\Windows\sysnative\Boot\winload.exe
- C:\Windows\sysnative\winlogon.exe
- C:\Windows\winsxs\amd64_microsoft-windows-b..vironment-os-loader_31bf3856ad364e35_6.1.7601.17514_none_b94cbfa183466a89\winresume.exe
- C:\Windows\winsxs\amd64_microsoft-windows-b..environment-windows_31bf3856ad364e35_6.1.7601.17514_none_c75e9c99a36a285a\winresume.exe
- C:\Windows\sysnative\winrs.exe
- C:\Windows\winsxs\amd64_microsoft-windows-winrsplugins_31bf3856ad364e35_6.1.7600.16385_none_722b680e4b585656\winrshost.exe
- C:\Windows\sysnative\WinSAT.exe
- C:\Windows\sysnative\winver.exe
- C:\Windows\sysnative\wisptis.exe
- C:\Windows\sysnative\wksprt.exe
- C:\Windows\sysnative\wlanext.exe
- C:\Windows\sysnative\wlrmdr.exe
- C:\Windows\sysnative\wowreg32.exe
- C:\Windows\winsxs\amd64_microsoft-windows-wpd-shellextension_31bf3856ad364e35_6.1.7601.17514_none_6f4ef219dd693ca6\WPDShextAutoplay.exe
- C:\Windows\sysnative\wpnpinst.exe
- C:\Windows\sysnative\wscript.exe
- C:\Windows\winsxs\amd64_microsoft-windows-w..for-management-core_31bf3856ad364e35_6.1.7601.17514_none_288b7acec3a75696\WSManHTTPConfig.exe
- C:\Windows\winsxs\amd64_microsoft-windows-w..for-management-core_31bf3856ad364e35_6.1.7601.17514_none_288b7acec3a75696\wsmprovhost.exe
- C:\Windows\sysnative\wsqmcons.exe
- C:\Windows\sysnative\wuapp.exe
- C:\Windows\winsxs\amd64_microsoft-windows-w..wsupdateclient-core_31bf3856ad364e35_7.5.7601.17514_none_1f3413afc64d10c5\wuauclt.exe
- C:\Windows\sysnative\WUDFHost.exe
- C:\Windows\sysnative\wusa.exe
- C:\Windows\sysnative\xcopy.exe
- C:\Windows\sysnative\xpsrchvw.exe
- C:\Windows\sysnative\xwizard.exe
- C:\Windows\sysnative\com\comrepl.exe
- C:\Windows\sysnative\com\MigRegDB.exe
- C:\Windows\sysnative\Dism\DismHost.exe
- C:\Windows\sysnative\DriverStore\FileRepository\brmfcmf.inf_amd64_neutral_67b5984f8e8ff717\BrmfRsmg.exe
- C:\Windows\sysnative\DriverStore\FileRepository\bth.inf_amd64_neutral_e54666f6a3e5af91\fsquirt.exe
- C:\Windows\winsxs\amd64_divacx64.inf_31bf3856ad364e35_6.1.7600.16385_none_cf37cc4c5bc25dc7\ditrace.exe
- C:\Windows\winsxs\amd64_divacx64.inf_31bf3856ad364e35_6.1.7600.16385_none_cf37cc4c5bc25dc7\xlog.exe
- C:\Windows\winsxs\amd64_microsoft-windows-d..-japanese-migration_31bf3856ad364e35_6.1.7600.16385_none_6a5b38699f97e38d\imjppdmg.exe
- C:\Windows\winsxs\amd64_microsoft-windows-d..andlinepropertytool_31bf3856ad364e35_6.1.7601.17514_none_696354579779eadf\imjpuexc.exe
- C:\Windows\winsxs\amd64_microsoft-windows-i..lified-chinese-core_31bf3856ad364e35_6.1.7601.17514_none_763763505e93084b\IMSCPROP.exe
- C:\Windows\winsxs\amd64_microsoft-windows-i..tional-chinese-core_31bf3856ad364e35_6.1.7601.17514_none_b7aa02fc1797974c\IMTCPROP.exe
- C:\Windows\winsxs\amd64_microsoft-windows-ime-eashared-ccshared_31bf3856ad364e35_6.1.7601.17514_none_34400a5790d1d336\IMCCPHR.exe
- C:\Windows\sysnative\migwiz\mighost.exe
- C:\Windows\sysnative\migwiz\MigSetup.exe
- C:\Windows\sysnative\migwiz\migwiz.exe
- C:\Windows\sysnative\migwiz\PostMig.exe
- C:\Windows\sysnative\oobe\audit.exe
- C:\Windows\sysnative\oobe\msoobe.exe
- C:\Windows\sysnative\oobe\oobeldr.exe
- C:\Windows\sysnative\oobe\Setup.exe
- C:\Windows\sysnative\oobe\setupsqm.exe
- C:\Windows\winsxs\amd64_microsoft-windows-setup-component_31bf3856ad364e35_6.1.7601.17514_none_905283bdc3e1d2d8\windeploy.exe
- C:\Windows\winsxs\amd64_microsoft-windows-speech-userexperience_31bf3856ad364e35_6.1.7601.17514_none_7a2ff57a626c29fd\SpeechUXTutorial.exe
- C:\Windows\winsxs\amd64_microsoft-windows-speech-userexperience_31bf3856ad364e35_6.1.7601.17514_none_7a2ff57a626c29fd\SpeechUXWiz.exe
- C:\Windows\sysnative\sysprep\sysprep.exe
- C:\Windows\winsxs\amd64_microsoft-windows-wmi-core_31bf3856ad364e35_6.1.7601.17514_none_177a088436382a34\mofcomp.exe
- C:\Windows\winsxs\amd64_microsoft-windows-wmi-consumers_31bf3856ad364e35_6.1.7600.16385_none_a6c7190f7292676c\scrcons.exe
- C:\Windows\winsxs\amd64_microsoft-windows-wmi-core_31bf3856ad364e35_6.1.7601.17514_none_177a088436382a34\unsecapp.exe
- C:\Windows\winsxs\amd64_microsoft-windows-wmi-tools_31bf3856ad364e35_6.1.7600.16385_none_33f05b889d506d0a\wbemtest.exe
- C:\Windows\winsxs\amd64_microsoft-windows-wmi-core-svc_31bf3856ad364e35_6.1.7601.17514_none_fed8c13f0d90a8cf\WinMgmt.exe
- C:\Windows\winsxs\amd64_microsoft-windows-wmi-core_31bf3856ad364e35_6.1.7601.17514_none_177a088436382a34\WMIADAP.exe
- C:\Windows\winsxs\amd64_microsoft-windows-wmi-core_31bf3856ad364e35_6.1.7601.17514_none_177a088436382a34\WmiApSrv.exe
- C:\Windows\sysnative\wbem\WMIC.exe
- C:\Windows\winsxs\amd64_microsoft-windows-wmi-core-providerhost_31bf3856ad364e35_6.1.7601.17514_none_6e88c3faa2049408\WmiPrvSE.exe
- C:\Windows\winsxs\amd64_microsoft-windows-powershell-exe_31bf3856ad364e35_6.1.7600.16385_none_c50af05b1be3aa2b\powershell.exe
- C:\Windows\winsxs\amd64_microsoft-windows-gpowershell-exe_31bf3856ad364e35_6.1.7600.16385_none_94861149bb66249c\powershell_ise.exe
- C:\Windows\winsxs\x86_microsoft-windows-adaptertroubleshooter_31bf3856ad364e35_6.1.7600.16385_none_d1d79dd7e49a786f\AdapterTroubleshooter.exe
- C:\Windows\winsxs\x86_microsoft-windows-at_31bf3856ad364e35_6.1.7600.16385_none_4cd7fa8ce5381b26\at.exe
- C:\Windows\winsxs\x86_microsoft-windows-atbroker_31bf3856ad364e35_6.1.7600.16385_none_cf7705f47fa8cd65\AtBroker.exe
- C:\Windows\winsxs\x86_microsoft-windows-m..ommandlineutilities_31bf3856ad364e35_6.1.7600.16385_none_7cf343cac8a829ec\attrib.exe
- C:\Windows\SysWOW64\auditpol.exe
- C:\Windows\SysWOW64\autochk.exe
- C:\Windows\SysWOW64\autoconv.exe
- C:\Windows\SysWOW64\autofmt.exe
- C:\Windows\winsxs\x86_microsoft-windows-bits-bitsadmin_31bf3856ad364e35_6.1.7601.17514_none_4f18faed6aae2509\bitsadmin.exe
- C:\Windows\SysWOW64\bootcfg.exe
- C:\Windows\winsxs\wow64_microsoft-windows-bth-user_31bf3856ad364e35_6.1.7601.17514_none_cd93efad202e5fb6\bthudtask.exe
- C:\Windows\winsxs\x86_microsoft-windows-acluifilefoldercomtool_31bf3856ad364e35_6.1.7600.16385_none_58257acb668f62bc\cacls.exe
- C:\Windows\SysWOW64\calc.exe
- C:\Windows\winsxs\x86_microsoft-windows-x..rtificateenrollment_31bf3856ad364e35_6.1.7601.17514_none_f59e20ddece8f922\CertEnrollCtrl.exe
- C:\Windows\SysWOW64\certreq.exe
- C:\Windows\SysWOW64\certutil.exe
- C:\Windows\SysWOW64\charmap.exe
- C:\Windows\SysWOW64\chkdsk.exe
- C:\Windows\winsxs\x86_microsoft-windows-autochkconfigurator_31bf3856ad364e35_6.1.7600.16385_none_1898d1bbe9180b39\chkntfs.exe
- C:\Windows\SysWOW64\choice.exe
- C:\Windows\SysWOW64\cipher.exe
- C:\Windows\SysWOW64\cleanmgr.exe
- C:\Windows\SysWOW64\cliconfg.exe
- C:\Windows\SysWOW64\clip.exe
- C:\Windows\winsxs\wow64_microsoft-windows-commandprompt_31bf3856ad364e35_6.1.7601.17514_none_f387767e655cd5ab\cmd.exe
- C:\Windows\SysWOW64\cmdkey.exe
- C:\Windows\winsxs\wow64_microsoft-windows-rasconnectionmanager_31bf3856ad364e35_6.1.7601.17514_none_c79aef32ab85d92b\cmdl32.exe
- C:\Windows\winsxs\wow64_microsoft-windows-rasconnectionmanager_31bf3856ad364e35_6.1.7601.17514_none_c79aef32ab85d92b\cmmon32.exe
- C:\Windows\winsxs\wow64_microsoft-windows-rasconnectionmanager_31bf3856ad364e35_6.1.7601.17514_none_c79aef32ab85d92b\cmstp.exe
- C:\Windows\SysWOW64\colorcpl.exe
- C:\Windows\SysWOW64\comp.exe
- C:\Windows\SysWOW64\compact.exe
- C:\Windows\winsxs\x86_microsoft-windows-computerdefaults_31bf3856ad364e35_6.1.7600.16385_none_064cf7cf249d0026\ComputerDefaults.exe
- C:\Windows\SysWOW64\control.exe
- C:\Windows\SysWOW64\convert.exe
- C:\Windows\SysWOW64\credwiz.exe
- C:\Windows\winsxs\wow64_microsoft-windows-scripting_31bf3856ad364e35_6.1.7600.16385_none_aeb1ef0f4e6bba1d\cscript.exe
- C:\Windows\SysWOW64\ctfmon.exe
- C:\Windows\SysWOW64\cttune.exe
- C:\Windows\winsxs\x86_microsoft-windows-cttunesvr_31bf3856ad364e35_6.1.7600.16385_none_efd12d677fabca7b\cttunesvr.exe
- C:\Windows\SysWOW64\dccw.exe
- C:\Windows\SysWOW64\dcomcnfg.exe
- C:\Windows\SysWOW64\ddodiag.exe
- C:\Windows\winsxs\x86_microsoft-windows-devicepairingapp_31bf3856ad364e35_6.1.7600.16385_none_6f74b7d163601da2\DevicePairingWizard.exe
- C:\Windows\winsxs\x86_microsoft-windows-deviceproperties_31bf3856ad364e35_6.1.7600.16385_none_ea20b9269b3c9a2c\DeviceProperties.exe
- C:\Windows\SysWOW64\dfrgui.exe
- C:\Windows\SysWOW64\dialer.exe
- C:\Windows\SysWOW64\diantz.exe
- C:\Windows\winsxs\x86_microsoft-windows-diskpart_31bf3856ad364e35_6.1.7601.17514_none_6adfcf45f42effcf\diskpart.exe
- C:\Windows\SysWOW64\diskperf.exe
- C:\Windows\winsxs\x86_microsoft-windows-diskraid_31bf3856ad364e35_6.1.7601.17514_none_67910dfbf63c4aae\diskraid.exe
- C:\Windows\SysWOW64\Dism.exe
- C:\Windows\winsxs\x86_microsoft-windows-displayswitch_31bf3856ad364e35_6.1.7600.16385_none_ec98071c85cf09eb\DisplaySwitch.exe
- C:\Windows\SysWOW64\dllhost.exe
- C:\Windows\SysWOW64\dllhst3g.exe
- C:\Windows\winsxs\wow64_microsoft-windows-dns-client_31bf3856ad364e35_6.1.7601.17514_none_4a5d2c9ecd59afa7\dnscacheugc.exe
- C:\Windows\winsxs\x86_microsoft-windows-m..ommandlineutilities_31bf3856ad364e35_6.1.7600.16385_none_7cf343cac8a829ec\doskey.exe
- C:\Windows\winsxs\x86_microsoft-windows-dpapi-keys_31bf3856ad364e35_6.1.7600.16385_none_7da9291f2ec46948\dpapimig.exe
- C:\Windows\winsxs\x86_microsoft-windows-dpiscaling_31bf3856ad364e35_6.1.7600.16385_none_7a1e2959bc43abd5\DpiScaling.exe
- C:\Windows\winsxs\x86_microsoft-windows-directx-directplay4_31bf3856ad364e35_6.1.7600.16385_none_76e6c1802136b090\dplaysvr.exe
- C:\Windows\winsxs\x86_microsoft-windows-directx-directplay8_31bf3856ad364e35_6.1.7601.17514_none_7addf2001d014646\dpnsvr.exe
- C:\Windows\winsxs\x86_microsoft-windows-driverquery_31bf3856ad364e35_6.1.7600.16385_none_95f92198f65d354d\driverquery.exe
- C:\Windows\winsxs\wow64_microsoft-windows-coreusermodepnp_31bf3856ad364e35_6.1.7601.17514_none_df7c5af777ec4541\drvinst.exe
- C:\Windows\SysWOW64\dvdplay.exe
- C:\Windows\SysWOW64\dvdupgrd.exe
- C:\Windows\SysWOW64\dxdiag.exe
- C:\Windows\SysWOW64\efsui.exe
- C:\Windows\winsxs\x86_microsoft-windows-es-authentication_31bf3856ad364e35_6.1.7600.16385_none_419312c477ec702a\EhStorAuthn.exe
- C:\Windows\SysWOW64\esentutl.exe
- C:\Windows\SysWOW64\eudcedit.exe
- C:\Windows\winsxs\x86_microsoft-windows-eventcreate_31bf3856ad364e35_6.1.7600.16385_none_d53926c7a0e7716d\eventcreate.exe
- C:\Windows\winsxs\wow64_eventviewersettings_31bf3856ad364e35_6.1.7600.16385_none_5b41740051c4eca4\eventvwr.exe
- C:\Windows\SysWOW64\expand.exe
- C:\Windows\SysWOW64\explorer.exe
- C:\Windows\SysWOW64\extrac32.exe
- C:\Windows\SysWOW64\fc.exe
- C:\Windows\winsxs\x86_microsoft-windows-m..ommandlineutilities_31bf3856ad364e35_6.1.7600.16385_none_7cf343cac8a829ec\find.exe
- C:\Windows\SysWOW64\findstr.exe
- C:\Windows\SysWOW64\finger.exe
- C:\Windows\SysWOW64\fixmapi.exe
- C:\Windows\SysWOW64\fltMC.exe
- C:\Windows\SysWOW64\fontview.exe
- C:\Windows\SysWOW64\forfiles.exe
- C:\Windows\SysWOW64\fsutil.exe
- C:\Windows\SysWOW64\ftp.exe
- C:\Windows\SysWOW64\getmac.exe
- C:\Windows\SysWOW64\gpresult.exe
- C:\Windows\SysWOW64\gpupdate.exe
- C:\Windows\SysWOW64\grpconv.exe
- C:\Windows\SysWOW64\hdwwiz.exe
- C:\Windows\SysWOW64\help.exe
- C:\Windows\SysWOW64\hh.exe
- C:\Windows\SysWOW64\icacls.exe
- C:\Windows\winsxs\x86_wcf-icardagt_exe_31bf3856ad364e35_6.1.7600.16385_none_31ae00ebd2fb34b5\icardagt.exe
- C:\Windows\winsxs\wow64_microsoft-windows-sharedaccess_31bf3856ad364e35_6.1.7600.16385_none_6b16fa9f975e1109\icsunattend.exe
- C:\Windows\winsxs\x86_microsoft-windows-ie-setup-support_31bf3856ad364e35_8.0.7601.17514_none_e292664733bd5af6\ie4uinit.exe
- C:\Windows\SysWOW64\ieUnatt.exe
- C:\Windows\SysWOW64\iexpress.exe
- C:\Windows\winsxs\x86_microsoft-windows-infdefaultinstall_31bf3856ad364e35_6.1.7600.16385_none_6c6ad9e2fd62ff6a\InfDefaultInstall.exe
- C:\Windows\SysWOW64\instnm.exe
- C:\Windows\winsxs\x86_microsoft-windows-ipconfig_31bf3856ad364e35_6.1.7600.16385_none_4c104723794237c2\ipconfig.exe
- C:\Windows\SysWOW64\iscsicli.exe
- C:\Windows\winsxs\x86_microsoft-windows-iscsi_initiator_ui_31bf3856ad364e35_6.1.7600.16385_none_d7c180d4bd657495\iscsicpl.exe
- C:\Windows\winsxs\x86_microsoft-windows-isoburn_31bf3856ad364e35_6.1.7601.17514_none_e83a110af77d5aa7\isoburn.exe
- C:\Windows\SysWOW64\ktmutil.exe
- C:\Windows\SysWOW64\label.exe
- C:\Windows\winsxs\x86_microsoft-windows-m..cationnotifications_31bf3856ad364e35_6.1.7600.16385_none_175ab6276b721d6a\LocationNotifications.exe
- C:\Windows\SysWOW64\lodctr.exe
- C:\Windows\SysWOW64\logagent.exe
- C:\Windows\SysWOW64\logman.exe
- C:\Windows\SysWOW64\Magnify.exe
- C:\Windows\SysWOW64\makecab.exe
- C:\Windows\winsxs\x86_microsoft-windows-muicachebuilder_31bf3856ad364e35_6.1.7601.17514_none_1c140627131a6df3\mcbuilder.exe
- C:\Windows\SysWOW64\mfpmp.exe
- C:\Windows\winsxs\wow64_microsoft-windows-m..onwizardapplication_31bf3856ad364e35_6.1.7601.17514_none_22f5c6aadf559287\MigAutoPlay.exe
- C:\Windows\SysWOW64\mmc.exe
- C:\Windows\SysWOW64\mobsync.exe
- C:\Windows\SysWOW64\mountvol.exe
- C:\Windows\SysWOW64\msdt.exe
- C:\Windows\winsxs\x86_microsoft-windows-ie-feedsbs_31bf3856ad364e35_8.0.7601.17514_none_190fa02cb006154d\msfeedssync.exe
- C:\Windows\SysWOW64\mshta.exe
- C:\Windows\winsxs\x86_microsoft-windows-installer-executable_31bf3856ad364e35_6.1.7601.17514_none_4b88deb7e45bfbb0\msiexec.exe
- C:\Windows\SysWOW64\mspaint.exe
- C:\Windows\winsxs\wow64_microsoft-windows-remoteassistance-exe_31bf3856ad364e35_6.1.7600.16385_none_9da1b3254ff796e9\msra.exe
- C:\Windows\SysWOW64\mstsc.exe
- C:\Windows\SysWOW64\mtstocom.exe
- C:\Windows\winsxs\x86_microsoft-windows-international-core_31bf3856ad364e35_6.1.7601.17514_none_ebb1ce7438031941\MuiUnattend.exe
- C:\Windows\SysWOW64\ndadmin.exe
- C:\Windows\winsxs\x86_microsoft-windows-net-command-line-tool_31bf3856ad364e35_6.1.7600.16385_none_5208a7a3d3caa54c\net.exe
- C:\Windows\winsxs\x86_microsoft-windows-net1-command-line-tool_31bf3856ad364e35_6.1.7601.17514_none_88e35d5cb2d54359\net1.exe
- C:\Windows\SysWOW64\netbtugc.exe
- C:\Windows\SysWOW64\netiougc.exe
- C:\Windows\winsxs\x86_microsoft-windows-netplwiz-exe_31bf3856ad364e35_6.1.7600.16385_none_ed2d0ae971b57e8d\Netplwiz.exe
- C:\Windows\SysWOW64\netsh.exe
- C:\Windows\SysWOW64\newdev.exe
- C:\Windows\SysWOW64\notepad.exe
- C:\Windows\SysWOW64\nslookup.exe
- C:\Windows\SysWOW64\ntkrnlpa.exe
- C:\Windows\SysWOW64\ntoskrnl.exe
- C:\Windows\SysWOW64\ntprint.exe
- C:\Windows\SysWOW64\ocsetup.exe
- C:\Windows\SysWOW64\odbcad32.exe
- C:\Windows\winsxs\x86_microsoft-windows-m..s-mdac-odbcconf-exe_31bf3856ad364e35_6.1.7600.16385_none_0d4d30a05370cb73\odbcconf.exe
- C:\Windows\winsxs\x86_microsoft-windows-openfiles_31bf3856ad364e35_6.1.7600.16385_none_e6fcbd244bb7bf74\openfiles.exe
- C:\Windows\winsxs\x86_microsoft-windows-optionalfeatures_31bf3856ad364e35_6.1.7600.16385_none_663d506d4f028574\OptionalFeatures.exe
- C:\Windows\SysWOW64\osk.exe
- C:\Windows\SysWOW64\pcaui.exe
- C:\Windows\SysWOW64\perfhost.exe
- C:\Windows\winsxs\wow64_microsoft-windows-performancetoolsgui_31bf3856ad364e35_6.1.7601.17514_none_04846decebf43c4c\perfmon.exe
- C:\Windows\winsxs\x86_microsoft-windows-servicingstack_31bf3856ad364e35_6.1.7601.17514_none_0b66cb34258c936f\PkgMgr.exe
- C:\Windows\SysWOW64\PkgMgr.exe
- C:\Windows\winsxs\x86_microsoft-windows-servicingstack_31bf3856ad364e35_6.1.7600.16385_none_0935b76c289e0fd5\poqexec.exe
- C:\Windows\SysWOW64\poqexec.exe
- C:\Windows\SysWOW64\powercfg.exe
- C:\Windows\winsxs\x86_wpf-presentationhostexe_31bf3856ad364e35_6.2.7601.17514_none_3a2a6a811d2b5065\PresentationHost.exe
- C:\Windows\SysWOW64\prevhost.exe
- C:\Windows\winsxs\x86_microsoft-windows-m..ommandlineutilities_31bf3856ad364e35_6.1.7600.16385_none_7cf343cac8a829ec\print.exe
- C:\Windows\SysWOW64\printui.exe
- C:\Windows\SysWOW64\proquota.exe
- C:\Windows\SysWOW64\psr.exe
- C:\Windows\winsxs\wow64_microsoft-windows-rasautodial_31bf3856ad364e35_6.1.7600.16385_none_76239aafb364e805\rasautou.exe
- C:\Windows\SysWOW64\rasdial.exe
- C:\Windows\winsxs\wow64_microsoft-windows-r..sistance-dcomserver_31bf3856ad364e35_6.1.7600.16385_none_963d3becc3a475f1\raserver.exe
- C:\Windows\SysWOW64\rasphone.exe
- C:\Windows\winsxs\x86_microsoft-windows-r..eak-diagnostic-core_31bf3856ad364e35_6.1.7600.16385_none_5ae7f926deb5de01\rdrleakdiag.exe
- C:\Windows\SysWOW64\ReAgentc.exe
- C:\Windows\winsxs\x86_microsoft-windows-recover_31bf3856ad364e35_6.1.7600.16385_none_85e9a3f215ee94e3\recover.exe
- C:\Windows\SysWOW64\reg.exe
- C:\Windows\winsxs\wow64_microsoft-windows-registry-editor_31bf3856ad364e35_6.1.7600.16385_none_5a78515e29ea6f39\regedit.exe
- C:\Windows\winsxs\wow64_microsoft-windows-registry-editor_31bf3856ad364e35_6.1.7600.16385_none_5a78515e29ea6f39\regedt32.exe
- C:\Windows\winsxs\x86_microsoft-windows-regini_31bf3856ad364e35_6.1.7600.16385_none_0c2c92921b2478ef\regini.exe
- C:\Windows\winsxs\x86_microsoft-windows-ie-gc-registeriepkeys_31bf3856ad364e35_8.0.7601.17514_none_44aa873ff9136c27\RegisterIEPKEYs.exe
- C:\Windows\winsxs\x86_microsoft-windows-regsvr32_31bf3856ad364e35_6.1.7600.16385_none_782d737490d72da3\regsvr32.exe
- C:\Windows\SysWOW64\rekeywiz.exe
- C:\Windows\SysWOW64\relog.exe
- C:\Windows\winsxs\x86_microsoft-windows-m..ommandlineutilities_31bf3856ad364e35_6.1.7600.16385_none_7cf343cac8a829ec\replace.exe
- C:\Windows\winsxs\wow64_microsoft-windows-performancetoolsgui_31bf3856ad364e35_6.1.7601.17514_none_04846decebf43c4c\resmon.exe
- C:\Windows\winsxs\x86_microsoft-windows-s..sor-native-whitebox_31bf3856ad364e35_6.1.7601.17514_none_a2fcd94e8fba36f5\RMActivate.exe
- C:\Windows\winsxs\x86_microsoft-windows-s..native-whitebox-isv_31bf3856ad364e35_6.1.7601.17514_none_eb5947ea4debcf36\RMActivate_isv.exe
- C:\Windows\winsxs\x86_microsoft-windows-s..or-native-serverbox_31bf3856ad364e35_6.1.7601.17514_none_71c62979c253e895\RMActivate_ssp.exe
- C:\Windows\winsxs\x86_microsoft-windows-s..ative-serverbox-isv_31bf3856ad364e35_6.1.7601.17514_none_f71e39745cb0f950\RMActivate_ssp_isv.exe
- C:\Windows\winsxs\x86_microsoft-windows-restartmanager_31bf3856ad364e35_6.1.7600.16385_none_800bbdee85723191\RmClient.exe
- C:\Windows\winsxs\x86_microsoft-windows-robocopy_31bf3856ad364e35_6.1.7601.17514_none_c90e996c4aa655c4\Robocopy.exe
- C:\Windows\winsxs\x86_microsoft-windows-rpc-ping_31bf3856ad364e35_6.1.7600.16385_none_9d906433a20c1949\RpcPing.exe
- C:\Windows\winsxs\wow64_microsoft-windows-mediafoundation_31bf3856ad364e35_6.1.7601.17514_none_04d9defd57c1f6bf\rrinstaller.exe
- C:\Windows\winsxs\x86_microsoft-windows-runas_31bf3856ad364e35_6.1.7600.16385_none_5fbe9f67bec0f818\runas.exe
- C:\Windows\winsxs\x86_microsoft-windows-rundll32_31bf3856ad364e35_6.1.7600.16385_none_d7dba7b30c3e2855\rundll32.exe
- C:\Windows\winsxs\x86_microsoft-windows-runlegacycplelevated_31bf3856ad364e35_6.1.7600.16385_none_10e2654156a06b06\RunLegacyCPLElevated.exe
- C:\Windows\winsxs\x86_microsoft-windows-runonce_31bf3856ad364e35_6.1.7601.17514_none_17c23e881d4a0b0b\runonce.exe
- C:\Windows\winsxs\wow64_microsoft-windows-sidebar_31bf3856ad364e35_6.1.7601.17514_none_37575b7e71a86712\sbunattend.exe
- C:\Windows\SysWOW64\sc.exe
- C:\Windows\SysWOW64\schtasks.exe
- C:\Windows\winsxs\wow64_microsoft-windows-a..ence-infrastructure_31bf3856ad364e35_6.1.7601.17514_none_3d8bb37f97ba22ff\sdbinst.exe
- C:\Windows\winsxs\wow64_microsoft-windows-remoteassistance-exe_31bf3856ad364e35_6.1.7600.16385_none_9da1b3254ff796e9\sdchange.exe
- C:\Windows\winsxs\wow64_microsoft-windows-s..csengine-nativehost_31bf3856ad364e35_6.1.7600.16385_none_806f80a8aaa33dd4\sdiagnhost.exe
- C:\Windows\winsxs\wow64_windowssearchengine_31bf3856ad364e35_7.0.7601.17514_none_dbd4d2796675bc72\SearchFilterHost.exe
- C:\Windows\winsxs\wow64_windowssearchengine_31bf3856ad364e35_7.0.7601.17514_none_dbd4d2796675bc72\SearchIndexer.exe
- C:\Windows\winsxs\wow64_windowssearchengine_31bf3856ad364e35_7.0.7601.17514_none_dbd4d2796675bc72\SearchProtocolHost.exe
- C:\Windows\SysWOW64\SecEdit.exe
- C:\Windows\SysWOW64\secinit.exe
- C:\Windows\SysWOW64\sethc.exe
- C:\Windows\winsxs\x86_microsoft-windows-i..-setieinstalleddate_31bf3856ad364e35_8.0.7600.16385_none_23079f05995ee912\SetIEInstalledDate.exe
- C:\Windows\SysWOW64\setup16.exe
- C:\Windows\SysWOW64\setupSNK.exe
- C:\Windows\SysWOW64\setupugc.exe
- C:\Windows\SysWOW64\setx.exe
- C:\Windows\SysWOW64\sfc.exe
- C:\Windows\SysWOW64\shrpubw.exe
- C:\Windows\SysWOW64\shutdown.exe
- C:\Windows\winsxs\x86_microsoft-windows-audio-volumecontrol_31bf3856ad364e35_6.1.7601.17514_none_c82fdb5265bc18af\SndVol.exe
- C:\Windows\winsxs\x86_microsoft-windows-sort_31bf3856ad364e35_6.1.7600.16385_none_ab9479767ad67fd7\sort.exe
- C:\Windows\winsxs\x86_microsoft-windows-srdelayed_31bf3856ad364e35_6.1.7600.16385_none_5633adf6bd7b303e\srdelayed.exe
- C:\Windows\winsxs\x86_microsoft-windows-m..ommandlineutilities_31bf3856ad364e35_6.1.7600.16385_none_7cf343cac8a829ec\subst.exe
- C:\Windows\SysWOW64\svchost.exe
- C:\Windows\winsxs\x86_microsoft-windows-sxs_31bf3856ad364e35_6.1.7601.17514_none_b0540607b5e5d445\sxstrace.exe
- C:\Windows\SysWOW64\SyncHost.exe
- C:\Windows\SysWOW64\syskey.exe
- C:\Windows\winsxs\x86_microsoft-windows-sysinfo_31bf3856ad364e35_6.1.7600.16385_none_ef2b073e59e262f6\systeminfo.exe
- C:\Windows\winsxs\x86_microsoft-windows-s..mpropertiesadvanced_31bf3856ad364e35_6.1.7600.16385_none_f71eddfb459a0155\SystemPropertiesAdvanced.exe
- C:\Windows\winsxs\x86_microsoft-windows-s..pertiescomputername_31bf3856ad364e35_6.1.7600.16385_none_304988749d91936f\SystemPropertiesComputerName.exe
- C:\Windows\winsxs\x86_microsoft-windows-s..executionprevention_31bf3856ad364e35_6.1.7600.16385_none_c9b9bfc685ed05d3\SystemPropertiesDataExecutionPrevention.exe
- C:\Windows\winsxs\x86_microsoft-windows-s..mpropertieshardware_31bf3856ad364e35_6.1.7600.16385_none_40d0db63344deff9\SystemPropertiesHardware.exe
- C:\Windows\winsxs\x86_microsoft-windows-s..opertiesperformance_31bf3856ad364e35_6.1.7600.16385_none_5aad0353642dd29f\SystemPropertiesPerformance.exe
- C:\Windows\winsxs\x86_microsoft-windows-s..ropertiesprotection_31bf3856ad364e35_6.1.7600.16385_none_6388acf17dd74912\SystemPropertiesProtection.exe
- C:\Windows\winsxs\x86_microsoft-windows-systempropertiesremote_31bf3856ad364e35_6.1.7600.16385_none_94ab98ac6d213009\SystemPropertiesRemote.exe
- C:\Windows\SysWOW64\systray.exe
- C:\Windows\SysWOW64\takeown.exe
- C:\Windows\winsxs\wow64_microsoft-windows-tapisetup_31bf3856ad364e35_6.1.7600.16385_none_d03cc6bce93bce83\TapiUnattend.exe
- C:\Windows\SysWOW64\taskeng.exe
- C:\Windows\SysWOW64\taskkill.exe
- C:\Windows\SysWOW64\tasklist.exe
- C:\Windows\SysWOW64\taskmgr.exe
- C:\Windows\SysWOW64\tcmsetup.exe
- C:\Windows\SysWOW64\timeout.exe
- C:\Windows\SysWOW64\TpmInit.exe
- C:\Windows\SysWOW64\tracerpt.exe
- C:\Windows\SysWOW64\TSTheme.exe
- C:\Windows\SysWOW64\TsWpfWrp.exe
- C:\Windows\SysWOW64\typeperf.exe
- C:\Windows\SysWOW64\tzutil.exe
- C:\Windows\SysWOW64\unlodctr.exe
- C:\Windows\SysWOW64\unregmp2.exe
- C:\Windows\SysWOW64\upnpcont.exe
- C:\Windows\SysWOW64\user.exe
- C:\Windows\winsxs\x86_microsoft-windows-u..ountcontrolsettings_31bf3856ad364e35_6.1.7601.17514_none_85ac7bd736dda285\UserAccountControlSettings.exe
- C:\Windows\SysWOW64\userinit.exe
- C:\Windows\SysWOW64\Utilman.exe
- C:\Windows\winsxs\x86_microsoft-windows-verclsid_31bf3856ad364e35_6.1.7600.16385_none_bbbd275974c7e191\verclsid.exe
- C:\Windows\winsxs\x86_microsoft-windows-driververifier_31bf3856ad364e35_6.1.7600.16385_none_ba42313afe0efbbb\verifier.exe
- C:\Windows\winsxs\x86_microsoft-windows-vssadmin_31bf3856ad364e35_6.1.7600.16385_none_c453ab9392f73dca\vssadmin.exe
- C:\Windows\SysWOW64\w32tm.exe
- C:\Windows\SysWOW64\waitfor.exe
- C:\Windows\SysWOW64\wecutil.exe
- C:\Windows\SysWOW64\WerFault.exe
- C:\Windows\winsxs\x86_microsoft-windows-errorreportingfaults_31bf3856ad364e35_6.1.7601.17514_none_720e868d9b0b6a44\WerFaultSecure.exe
- C:\Windows\SysWOW64\wermgr.exe
- C:\Windows\SysWOW64\wevtutil.exe
- C:\Windows\SysWOW64\wextract.exe
- C:\Windows\SysWOW64\where.exe
- C:\Windows\SysWOW64\whoami.exe
- C:\Windows\SysWOW64\wiaacmgr.exe
- C:\Windows\SysWOW64\wimserv.exe
- C:\Windows\SysWOW64\wininit.exe
- C:\Windows\SysWOW64\winrs.exe
- C:\Windows\winsxs\x86_microsoft-windows-winrsplugins_31bf3856ad364e35_6.1.7600.16385_none_160ccc8a92fae520\winrshost.exe
- C:\Windows\SysWOW64\winver.exe
- C:\Windows\SysWOW64\wlanext.exe
- C:\Windows\SysWOW64\wowreg32.exe
- C:\Windows\winsxs\x86_microsoft-windows-wpd-shellextension_31bf3856ad364e35_6.1.7601.17514_none_13305696250bcb70\WPDShextAutoplay.exe
- C:\Windows\SysWOW64\write.exe
- C:\Windows\winsxs\wow64_microsoft-windows-scripting_31bf3856ad364e35_6.1.7600.16385_none_aeb1ef0f4e6bba1d\wscript.exe
- C:\Windows\winsxs\wow64_microsoft-windows-w..for-management-core_31bf3856ad364e35_6.1.7601.17514_none_32e02520f8081891\WSManHTTPConfig.exe
- C:\Windows\winsxs\wow64_microsoft-windows-w..for-management-core_31bf3856ad364e35_6.1.7601.17514_none_32e02520f8081891\wsmprovhost.exe
- C:\Windows\SysWOW64\wuapp.exe
- C:\Windows\SysWOW64\wusa.exe
- C:\Windows\SysWOW64\xcopy.exe
- C:\Windows\SysWOW64\xpsrchvw.exe
- C:\Windows\SysWOW64\xwizard.exe
- C:\Windows\SysWOW64\com\comrepl.exe
- C:\Windows\SysWOW64\com\MigRegDB.exe
- C:\Windows\SysWOW64\Dism\DismHost.exe
- C:\Windows\winsxs\x86_microsoft-windows-d..-japanese-migration_31bf3856ad364e35_6.1.7600.16385_none_0e3c9ce5e73a7257\imjppdmg.exe
- C:\Windows\winsxs\x86_microsoft-windows-d..andlinepropertytool_31bf3856ad364e35_6.1.7601.17514_none_0d44b8d3df1c79a9\imjpuexc.exe
- C:\Windows\winsxs\wow64_microsoft-windows-i..lified-chinese-core_31bf3856ad364e35_6.1.7601.17514_none_808c0da292f3ca46\IMSCPROP.exe
- C:\Windows\winsxs\wow64_microsoft-windows-i..tional-chinese-core_31bf3856ad364e35_6.1.7601.17514_none_c1fead4e4bf85947\IMTCPROP.exe
- C:\Windows\winsxs\x86_microsoft-windows-ime-eashared-ccshared_31bf3856ad364e35_6.1.7601.17514_none_d8216ed3d8746200\IMCCPHR.exe
- C:\Windows\winsxs\wow64_microsoft-windows-i..llshield-wow64-main_31bf3856ad364e35_6.1.7600.16385_none_ca61f601a4548b8e\setup.exe
- C:\Windows\winsxs\wow64_microsoft-windows-i..llshield-wow64-main_31bf3856ad364e35_6.1.7600.16385_none_ca61f601a4548b8e\_isdel.exe
- C:\Windows\winsxs\x86_microsoft-windows-migrationengine_31bf3856ad364e35_6.1.7601.17514_none_5aaf419e398215df\mighost.exe
- C:\Windows\winsxs\wow64_microsoft-windows-m..onwizardapplication_31bf3856ad364e35_6.1.7601.17514_none_22f5c6aadf559287\MigSetup.exe
- C:\Windows\winsxs\wow64_microsoft-windows-m..onwizardapplication_31bf3856ad364e35_6.1.7601.17514_none_22f5c6aadf559287\migwiz.exe
- C:\Windows\winsxs\wow64_microsoft-windows-m..onwizardapplication_31bf3856ad364e35_6.1.7601.17514_none_22f5c6aadf559287\PostMig.exe
- C:\Windows\SysWOW64\wbem\mofcomp.exe
- C:\Windows\SysWOW64\wbem\WinMgmt.exe
- C:\Windows\SysWOW64\wbem\WMIADAP.exe
- C:\Windows\SysWOW64\wbem\WMIC.exe
- C:\Windows\SysWOW64\wbem\WmiPrvSE.exe
- C:\Windows\winsxs\wow64_microsoft-windows-powershell-exe_31bf3856ad364e35_6.1.7600.16385_none_cf5f9aad50446c26\powershell.exe
- C:\Windows\winsxs\wow64_microsoft-windows-gpowershell-exe_31bf3856ad364e35_6.1.7600.16385_none_9edabb9befc6e697\powershell_ise.exe
- C:\Windows\winsxs\amd64_mcupdate_31bf3856ad364e35_6.1.7601.17514_none_26c2d72ec26de8d9\mcupdate.exe
- C:\Windows\winsxs\amd64_microsoft-windows-e..e-managed-regmceapp_31bf3856ad364e35_6.1.7600.16385_none_b13a0967547ecab4\RegisterMCEApp.exe
- C:\Windows\ehome\McrMgr.exe
- C:\Windows\ehome\Mcx2Prov.exe
- C:\Windows\ehome\McxTask.exe
- C:\Windows\winsxs\amd64_microsoft-windows-ehome-ehmsas_31bf3856ad364e35_6.1.7600.16385_none_8707c620868fdf75\ehmsas.exe
- C:\Windows\winsxs\amd64_microsoft-windows-ehome-ehprivjob_31bf3856ad364e35_6.1.7601.17514_none_53393627486ae37b\ehprivjob.exe
- C:\Windows\winsxs\amd64_microsoft-windows-ehome-ehrec_31bf3856ad364e35_6.1.7600.16385_none_a6e882bc6eb8ea53\ehrec.exe
- C:\Windows\winsxs\amd64_microsoft-windows-ehome-ehshell_31bf3856ad364e35_6.1.7600.16385_none_95955bd51390781b\ehshell.exe
- C:\Windows\winsxs\amd64_microsoft-windows-ehome-ehtray_31bf3856ad364e35_6.1.7601.17514_none_88ff132e83a8a275\ehtray.exe
- C:\Windows\winsxs\amd64_microsoft-windows-ehome-ehvid_31bf3856ad364e35_6.1.7601.17514_none_a98ec3ba6b5b3e54\ehvid.exe
- C:\Windows\winsxs\amd64_microsoft-windows-ehome-mcglidhost_31bf3856ad364e35_6.1.7600.16385_none_05a2b72417ec1c6a\mcGlidHost.exe
- C:\Windows\winsxs\amd64_microsoft-windows-ehome-mcspad_31bf3856ad364e35_6.1.7600.16385_none_bd8c328b84ea0fba\mcspad.exe
- C:\Windows\winsxs\amd64_microsoft-windows-ehome-mcweblauncher_31bf3856ad364e35_6.1.7600.16385_none_5846a8771b202706\MediaCenterWebLauncher.exe
- C:\Windows\winsxs\amd64_microsoft-windows-ehome-services-ehrecvr_31bf3856ad364e35_6.1.7601.17514_none_1b8f8373383de46a\ehrecvr.exe
- C:\Windows\winsxs\amd64_microsoft-windows-ehome-services-ehsched_31bf3856ad364e35_6.1.7600.16385_none_0167f08155bf1c81\ehsched.exe
- C:\Windows\winsxs\amd64_microsoft-windows-ehome-wtvconverter_31bf3856ad364e35_6.1.7600.16385_none_a8464accb5a91f59\WTVConverter.exe
- C:\Windows\winsxs\amd64_microsoft-windows-eudc-settings_31bf3856ad364e35_6.1.7601.17514_none_b84dc938eed78546\eudcsettings.exe
- C:\Windows\sysnative\gpscript.exe
- C:\Windows\winsxs\amd64_microsoft-windows-i..eoptionalcomponents_31bf3856ad364e35_8.0.7601.17514_none_7a9a2f07e4e23a48\ConfigureIEOptionalComponents.exe
- C:\Windows\winsxs\amd64_microsoft-windows-i..integration-support_31bf3856ad364e35_6.1.7600.16385_none_8429bbdebd38db4a\isintsup.exe
- C:\Windows\winsxs\amd64_microsoft-windows-ie-pdm_31bf3856ad364e35_8.0.7600.16385_none_6425238b793ee910\PDMSetup.exe
- C:\Windows\winsxs\amd64_microsoft-windows-iis-adminservice_31bf3856ad364e35_6.1.7600.16385_none_b65cdbcf116dd7c5\WMSvc.exe
- C:\Windows\winsxs\amd64_microsoft-windows-iis-legacysnapin_31bf3856ad364e35_6.1.7601.17514_none_df46d976c8a5880b\InetMgr6.exe
- C:\Windows\winsxs\amd64_microsoft-windows-iis-managementconsole_31bf3856ad364e35_6.1.7600.16385_none_e3c88f07d4c88269\InetMgr.exe
- C:\Windows\winsxs\amd64_microsoft-windows-iis-metabase_31bf3856ad364e35_6.1.7601.17514_none_9757fd443892abe7\inetinfo.exe
- C:\Windows\winsxs\amd64_microsoft-windows-iis-sharedlibraries_31bf3856ad364e35_6.1.7601.17514_none_6f0f7833cb71e18d\appcmd.exe
- C:\Windows\winsxs\amd64_microsoft-windows-iis-sharedlibraries_31bf3856ad364e35_6.1.7601.17514_none_6f0f7833cb71e18d\aspnetca.exe
- C:\Windows\winsxs\amd64_microsoft-windows-iis-sharedlibraries_31bf3856ad364e35_6.1.7601.17514_none_6f0f7833cb71e18d\iisreset.exe
- C:\Windows\winsxs\amd64_microsoft-windows-iis-sharedlibraries_31bf3856ad364e35_6.1.7601.17514_none_6f0f7833cb71e18d\iisrstas.exe
- C:\Windows\winsxs\amd64_microsoft-windows-iis-sharedlibraries_31bf3856ad364e35_6.1.7601.17514_none_6f0f7833cb71e18d\iissetup.exe
- C:\Windows\winsxs\amd64_microsoft-windows-m..essagingcoreservice_31bf3856ad364e35_6.1.7601.17514_none_412fcd2afecdc412\mqbkup.exe
- C:\Windows\winsxs\amd64_microsoft-windows-m..essagingcoreservice_31bf3856ad364e35_6.1.7601.17514_none_412fcd2afecdc412\mqsvc.exe
- C:\Windows\winsxs\amd64_microsoft-windows-m..resentationsettings_31bf3856ad364e35_6.1.7601.17514_none_cb4d60191a09a7b0\PresentationSettings.exe
- C:\Windows\winsxs\amd64_microsoft-windows-msmq-triggers-service_31bf3856ad364e35_6.1.7601.17514_none_864c8948d3a4b9f3\mqtgsvc.exe
- C:\Windows\sysnative\NetProj.exe
- C:\Windows\winsxs\amd64_microsoft-windows-nfs-admincmdtools_31bf3856ad364e35_6.1.7601.17514_none_12d42225a9a7aef7\nfsadmin.exe
- C:\Windows\winsxs\amd64_microsoft-windows-nfs-admincmdtools_31bf3856ad364e35_6.1.7601.17514_none_12d42225a9a7aef7\rpcinfo.exe
- C:\Windows\winsxs\amd64_microsoft-windows-nfs-admincmdtools_31bf3856ad364e35_6.1.7601.17514_none_12d42225a9a7aef7\showmount.exe
- C:\Windows\winsxs\amd64_microsoft-windows-nfs-clientcmdtools_31bf3856ad364e35_6.1.7600.16385_none_ad5854ca0a23343d\mount.exe
- C:\Windows\winsxs\amd64_microsoft-windows-nfs-clientcmdtools_31bf3856ad364e35_6.1.7600.16385_none_ad5854ca0a23343d\umount.exe
- C:\Windows\winsxs\amd64_microsoft-windows-nfs-clientcore_31bf3856ad364e35_6.1.7601.17514_none_0b0882245933a065\nfsclnt.exe
- C:\Program Files\DVD Maker\DVDMaker.exe
- C:\Windows\winsxs\amd64_microsoft-windows-p..erandprintui-pmcppc_31bf3856ad364e35_6.1.7601.17514_none_698e475b97512fc9\PushPrinterConnections.exe
- C:\Windows\winsxs\amd64_microsoft-windows-p..g-xpsdocumentwriter_31bf3856ad364e35_6.1.7601.17514_none_80fea45979a5d3f2\MxdwGc.exe
- C:\Windows\winsxs\amd64_microsoft-windows-p..ting-lprportmonitor_31bf3856ad364e35_6.1.7601.17514_none_1229a6f0546e2346\lpq.exe
- C:\Windows\winsxs\amd64_microsoft-windows-p..ting-lprportmonitor_31bf3856ad364e35_6.1.7601.17514_none_1229a6f0546e2346\lpr.exe
- C:\Windows\winsxs\amd64_microsoft-windows-p..ting-tools-printbrm_31bf3856ad364e35_6.1.7601.17514_none_dfe02de35bf41e0b\PrintBrm.exe
- C:\Windows\winsxs\amd64_microsoft-windows-p..ting-tools-printbrm_31bf3856ad364e35_6.1.7601.17514_none_dfe02de35bf41e0b\PrintBrmEngine.exe
- C:\Windows\winsxs\amd64_microsoft-windows-p..ting-tools-printbrm_31bf3856ad364e35_6.1.7601.17514_none_dfe02de35bf41e0b\PrintBrmUi.exe
- C:\Windows\winsxs\amd64_microsoft-windows-processmodel_31bf3856ad364e35_6.1.7601.17514_none_14e7939dbb62df13\w3wp.exe
- C:\Windows\winsxs\amd64_microsoft-windows-r..s-regkeys-component_31bf3856ad364e35_6.1.7601.17514_none_58b4153116c17b41\RDVGHelper.exe
- C:\Windows\winsxs\amd64_microsoft-windows-s..boxgames-backgammon_31bf3856ad364e35_6.1.7600.16385_none_668d031845881638\bckgzm.exe
- C:\Program Files\Microsoft Games\Multiplayer\Spades\shvlzm.exe
- C:\Program Files\Microsoft Games\Multiplayer\Checkers\chkrzm.exe
- C:\Program Files\Microsoft Games\Mahjong\Mahjong.exe
- C:\Program Files\Microsoft Games\Chess\Chess.exe
- C:\Windows\winsxs\amd64_microsoft-windows-s..restartup-baaupdate_31bf3856ad364e35_6.1.7600.16385_none_9243b833ecd918df\baaupdate.exe
- C:\Windows\sysnative\BdeHdCfg.exe
- C:\Windows\winsxs\amd64_microsoft-windows-securestartup-cpl_31bf3856ad364e35_6.1.7601.17514_none_b5ac5cc3a1b7e9ef\BitLockerWizard.exe
- C:\Windows\winsxs\amd64_microsoft-windows-securestartup-cpl_31bf3856ad364e35_6.1.7601.17514_none_b5ac5cc3a1b7e9ef\BitLockerWizardElev.exe
- C:\Windows\winsxs\amd64_microsoft-windows-servicingstack_31bf3856ad364e35_6.1.7600.16385_none_655452efe0fb810b\PkgMgr.exe
- C:\Windows\winsxs\amd64_microsoft-windows-servicingstack_31bf3856ad364e35_6.1.7600.16385_none_655452efe0fb810b\SvcIni.exe
- C:\Windows\winsxs\amd64_microsoft-windows-snippingtool-app_31bf3856ad364e35_6.1.7600.16385_none_f5b8f3d6a353fa89\SnippingTool.exe
- C:\Windows\winsxs\amd64_microsoft-windows-snmp-agent-service_31bf3856ad364e35_6.1.7601.17514_none_555ae6d66ee2630d\snmp.exe
- C:\Windows\winsxs\amd64_microsoft-windows-snmp-evntcmd_31bf3856ad364e35_6.1.7600.16385_none_14f9b9481db6293b\evntcmd.exe
- C:\Windows\winsxs\amd64_microsoft-windows-snmp-evntwin_31bf3856ad364e35_6.1.7600.16385_none_12c5b5b81f2d2f1d\evntwin.exe
- C:\Windows\winsxs\amd64_microsoft-windows-sonic-sbeserver_31bf3856ad364e35_6.1.7601.17514_none_7b380cb06fd9d81d\SBEServer.exe
- C:\Windows\sysnative\StikyNot.exe
- C:\Windows\sysnative\hwrcomp.exe
- C:\Windows\sysnative\hwrreg.exe
- C:\Windows\winsxs\amd64_microsoft-windows-t..c-journalnotewriter_31bf3856ad364e35_6.1.7600.16385_none_9e59e11166b683d3\PDIALOG.exe
- C:\Windows\sysnative\msg.exe
- C:\Windows\sysnative\quser.exe
- C:\Windows\sysnative\qwinsta.exe
- C:\Windows\sysnative\change.exe
- C:\Windows\sysnative\chglogon.exe
- C:\Windows\sysnative\chgport.exe
- C:\Windows\sysnative\chgusr.exe
- C:\Windows\sysnative\logoff.exe
- C:\Windows\sysnative\qappsrv.exe
- C:\Windows\sysnative\qprocess.exe
- C:\Windows\sysnative\query.exe
- C:\Windows\sysnative\reset.exe
- C:\Windows\sysnative\rwinsta.exe
- C:\Windows\sysnative\shadow.exe
- C:\Windows\sysnative\tscon.exe
- C:\Windows\sysnative\tsdiscon.exe
- C:\Windows\sysnative\tskill.exe
- C:\Windows\winsxs\amd64_microsoft-windows-t..etpc-mathinputpanel_31bf3856ad364e35_6.1.7601.17514_none_28c78887678afbb1\mip.exe
- C:\Windows\winsxs\amd64_microsoft-windows-t..flicklearningwizard_31bf3856ad364e35_6.1.7600.16385_none_69769fd78b751ad3\FlickLearningWizard.exe
- C:\Windows\sysnative\rdpinit.exe
- C:\Windows\sysnative\rdpshell.exe
- C:\Windows\sysnative\rdpclip.exe
- C:\Windows\sysnative\rdpsign.exe
- C:\Windows\winsxs\amd64_microsoft-windows-t..nputpersonalization_31bf3856ad364e35_6.1.7600.16385_none_9ba1049ce0053bef\ConvertInkStore.exe
- C:\Windows\winsxs\amd64_microsoft-windows-t..nputpersonalization_31bf3856ad364e35_6.1.7600.16385_none_9ba1049ce0053bef\InputPersonalization.exe
- C:\Windows\winsxs\amd64_microsoft-windows-t..nputpersonalization_31bf3856ad364e35_6.1.7600.16385_none_9ba1049ce0053bef\ShapeCollector.exe
- C:\Windows\winsxs\amd64_microsoft-windows-tabletpc-inkwatson_31bf3856ad364e35_6.1.7600.16385_none_644c1a991aac9ffb\InkWatson.exe
- C:\Program Files\Common Files\Microsoft Shared\ink\TabTip.exe
- C:\Windows\winsxs\amd64_microsoft-windows-tabletpc-journal_31bf3856ad364e35_6.1.7601.17514_none_75d78dc0bb37c026\Journal.exe
- C:\Windows\winsxs\amd64_microsoft-windows-telnet-client_31bf3856ad364e35_6.1.7600.16385_none_1426830c3ebb712d\telnet.exe
- C:\Windows\winsxs\amd64_microsoft-windows-telnet-server-tlntsess_31bf3856ad364e35_6.1.7600.16385_none_05ebf19ca2304436\tlntsess.exe
- C:\Windows\winsxs\amd64_microsoft-windows-telnet-server-tlntsvr_31bf3856ad364e35_6.1.7600.16385_none_1ab997fb0a83afdd\tlntsvr.exe
- C:\Windows\winsxs\amd64_microsoft-windows-telnet-server_31bf3856ad364e35_6.1.7600.16385_none_eefcce9868c6d4b7\tlntadmn.exe
- C:\Windows\winsxs\amd64_microsoft-windows-wmi-snmp-provider_31bf3856ad364e35_6.1.7601.17514_none_08e183f8dd5f48b7\smi2smir.exe
- C:\Windows\winsxs\amd64_netfx-clrgc_b03f5f7f11d50a3a_6.1.7601.17514_none_ad7a390fa131c970\clrgc.exe
- C:\Windows\winsxs\amd64_netfx35linq-linqwebconfig_31bf3856ad364e35_6.1.7601.17514_none_b532bb17fea7ee9a\LinqWebConfig.exe
- C:\Windows\winsxs\amd64_subsystem-for-unix-based-applications_31bf3856ad364e35_6.1.7601.17514_none_d20e5d35068f261a\posix.exe
- C:\Windows\winsxs\amd64_subsystem-for-unix-based-applications_31bf3856ad364e35_6.1.7601.17514_none_d20e5d35068f261a\psxrun.exe
- C:\Windows\winsxs\amd64_subsystem-for-unix-based-applications_31bf3856ad364e35_6.1.7601.17514_none_d20e5d35068f261a\psxss.exe
- C:\Windows\winsxs\amd64_wvmic.inf_31bf3856ad364e35_6.1.7601.17514_none_6007c443630c03aa\vmicsvc.exe
- C:\Windows\sysnative\DriverStore\FileRepository\wvmic.inf_amd64_neutral_b94eb92e8150fa35\vmicsvc.exe
- C:\Windows\sysnative\vmicsvc.exe
- C:\Windows\winsxs\msil_ehexthost_31bf3856ad364e35_6.1.7601.17514_none_c0f01f501d19ea73\ehexthost.exe
- C:\Windows\assembly\GAC_MSIL\loadmxf\6.1.0.0__31bf3856ad364e35\loadmxf.exe
- C:\Windows\winsxs\wow64_microsoft-windows-iis-legacysnapin_31bf3856ad364e35_6.1.7601.17514_none_e99b83c8fd064a06\InetMgr6.exe
- C:\Windows\winsxs\wow64_microsoft-windows-iis-sharedlibraries_31bf3856ad364e35_6.1.7601.17514_none_79642285ffd2a388\appcmd.exe
- C:\Windows\winsxs\wow64_microsoft-windows-iis-sharedlibraries_31bf3856ad364e35_6.1.7601.17514_none_79642285ffd2a388\aspnetca.exe
- C:\Windows\winsxs\wow64_microsoft-windows-iis-sharedlibraries_31bf3856ad364e35_6.1.7601.17514_none_79642285ffd2a388\iisreset.exe
- C:\Windows\winsxs\wow64_microsoft-windows-iis-sharedlibraries_31bf3856ad364e35_6.1.7601.17514_none_79642285ffd2a388\iissetup.exe
- C:\Windows\winsxs\wow64_microsoft-windows-processmodel_31bf3856ad364e35_6.1.7601.17514_none_1f3c3defefc3a10e\w3wp.exe
- C:\Windows\winsxs\wow64_microsoft-windows-snmp-agent-service_31bf3856ad364e35_6.1.7601.17514_none_5faf9128a3432508\snmp.exe
- C:\Program Files (x86)\Common Files\microsoft shared\ink\mip.exe
- C:\Program Files (x86)\Common Files\microsoft shared\ink\TabTip32.exe
- C:\Windows\winsxs\x86_ehexthost32_31bf3856ad364e35_6.1.7600.16385_none_2a78e65a954611a5\ehexthost32.exe
- C:\Windows\SysWOW64\gpscript.exe
- C:\Windows\winsxs\x86_microsoft-windows-i..eoptionalcomponents_31bf3856ad364e35_8.0.7601.17514_none_1e7b93842c84c912\ConfigureIEOptionalComponents.exe
- C:\Windows\winsxs\x86_microsoft-windows-ie-pdm_31bf3856ad364e35_8.0.7601.17514_none_0a379bcfbdcffb74\PDMSetup.exe
- C:\Windows\winsxs\x86_microsoft-windows-p..erandprintui-pmcppc_31bf3856ad364e35_6.1.7601.17514_none_0d6fabd7def3be93\PushPrinterConnections.exe
- C:\Windows\winsxs\x86_microsoft-windows-s..ccessagent-binaries_31bf3856ad364e35_6.1.7600.16385_none_de06b4fbd5b45f78\BitLockerToGo.exe
- C:\Windows\winsxs\x86_microsoft-windows-servicingstack_31bf3856ad364e35_6.1.7600.16385_none_0935b76c289e0fd5\PkgMgr.exe
- C:\Windows\winsxs\x86_microsoft-windows-servicingstack_31bf3856ad364e35_6.1.7600.16385_none_0935b76c289e0fd5\SvcIni.exe
- C:\Windows\winsxs\x86_microsoft-windows-snmp-evntcmd_31bf3856ad364e35_6.1.7600.16385_none_b8db1dc46558b805\evntcmd.exe
- C:\Windows\winsxs\x86_microsoft-windows-snmp-evntwin_31bf3856ad364e35_6.1.7600.16385_none_b6a71a3466cfbde7\evntwin.exe
- C:\Windows\winsxs\x86_netfx-clrgc_b03f5f7f11d50a3a_6.1.7601.17514_none_f5276fe6b5adf276\clrgc.exe
- C:\Windows\winsxs\x86_netfx35linq-linqwebconfig_31bf3856ad364e35_6.1.7600.16385_none_56e30bcc495bf9ca\LinqWebConfig.exe
- C:\Windows\assembly\NativeImages_v2.0.50727_32\ehExtHost32\c899de3549784161aa66610d5735e4f0\ehExtHost32.ni.exe
- C:\Windows\assembly\NativeImages_v2.0.50727_64\ehExtHost\ad37b6e3a1cb1081592f1c5797ae9dad\ehExtHost.ni.exe
- C:\Windows\assembly\NativeImages_v2.0.50727_64\LoadMxf\d09b54cd68bc772b3be3832926e940d4\LoadMxf.ni.exe
- C:\Windows\assembly\NativeImages_v2.0.50727_64\mcupdate\f30beba36940b5a2b55a32ea7f42d694\mcupdate.ni.exe
- C:\Python27\Lib\distutils\command\wininst-6.0.exe
- C:\Python27\Lib\distutils\command\wininst-7.1.exe
- C:\Python27\Lib\distutils\command\wininst-8.0.exe
- C:\Python27\Lib\distutils\command\wininst-9.0-amd64.exe
- C:\Python27\Lib\distutils\command\wininst-9.0.exe
- C:\Windows\Installer\{E2B51919-207A-43EB-AE78-733F9C6797C2}\python_icon.exe
- C:\ProgramData\Adobe\Setup\{AC76BA86-7AD7-2052-7B44-AB0000000001}\setup.exe
- C:\Users\test\AppData\Local\Google\Update_bak\Download\{8A69D345-D564-463C-AFF1-A69D9E530F96}\24.0.1312.57\chrome_installer.exe
- C:\Windows\OEM8\OEM8.exe
- C:\Python27\Lib\site-packages\setuptools\cli-32.exe
- C:\Python27\Lib\site-packages\setuptools\cli-64.exe
- C:\Python27\Lib\site-packages\setuptools\cli-arm-32.exe
- C:\Python27\Lib\site-packages\setuptools\cli.exe
- C:\Python27\Lib\site-packages\setuptools\gui-32.exe
- C:\Python27\Lib\site-packages\setuptools\gui-64.exe
- C:\Python27\Lib\site-packages\setuptools\gui-arm-32.exe
- C:\Python27\Lib\site-packages\setuptools\gui.exe
- C:\Python27\Scripts\easy_install.exe
- C:\Python27\Scripts\easy_install-2.7.exe
- C:\Program Files (x86)\Adobe\Reader 11.0\Reader\AcroRd32.exe
- C:\Program Files (x86)\Adobe\Reader 11.0\Reader\AcroRd32Info.exe
- C:\Program Files (x86)\Adobe\Reader 11.0\Reader\reader_sl.exe
- C:\Python27\Lib\site-packages\pip\_vendor\distlib\t32.exe
- C:\Python27\Lib\site-packages\pip\_vendor\distlib\t64.exe
- C:\Python27\Lib\site-packages\pip\_vendor\distlib\w32.exe
- C:\Python27\Lib\site-packages\pip\_vendor\distlib\w64.exe
- C:\Python27\Scripts\pip.exe
- C:\Python27\Scripts\pip2.exe
- C:\Python27\Scripts\pip2.7.exe
- C:\Program Files (x86)\Adobe\Reader 11.0\Reader\AdobeCollabSync.exe
- C:\Program Files (x86)\Adobe\Reader 11.0\Reader\AcroBroker.exe
- C:\Program Files (x86)\Adobe\Reader 11.0\Reader\arh.exe
- C:\Program Files (x86)\Adobe\Reader 11.0\Reader\Eula.exe
- C:\Program Files (x86)\Adobe\Reader 11.0\Reader\LogTransport2.exe
- C:\Program Files (x86)\Adobe\Reader 11.0\Reader\AcroTextExtractor.exe
- C:\Program Files (x86)\Adobe\Reader 11.0\Reader\wow_helper.exe
- C:\Program Files (x86)\Adobe\Reader 11.0\Reader\plug_ins\pi_brokers\64BitMAPIBroker.exe
- C:\Program Files (x86)\Common Files\Adobe\ARM\1.0\armsvc.exe
- C:\Program Files (x86)\Common Files\Adobe\ARM\1.0\AdobeARM.exe
- C:\Program Files (x86)\Common Files\Adobe\ARM\1.0\AdobeARMHelper.exe
- C:\Windows\Temp\CR_717EB.tmp\setup.exe
- C:\Users\test\AppData\Local\Temp\2C60FE84-A35B-42FB-8A24-A711AE463348\DismHost.exe
- C:\drsgcrxx\bin\7za.exe
- C:\drsgcrxx\bin\ace26.exe
- C:\MSOCache\All Users\{90140000-006E-0804-0000-0000000FF1CE}-C\dwtrig20.exe
- C:\drsgcrxx\bin\unrar.exe
- C:\drsgcrxx\bin\7z.exe
- C:\drsgcrxx\bin\loader_x64.exe
- C:\drsgcrxx\bin\loader.exe
- C:\drsgcrxx\bin\execsc.exe
- C:\drsgcrxx\bin\signtool.exe
- C:\Users\test\AppData\Local\Google\Chrome\Application\24.0.1312.57\chrome_frame_helper.exe
- C:\Users\test\AppData\Local\Google\Chrome\Application\24.0.1312.57\chrome_launcher.exe
- C:\Users\test\AppData\Local\Google\Chrome\Application\24.0.1312.57\delegate_execute.exe
- C:\Users\test\AppData\Local\Google\Chrome\Application\24.0.1312.57\nacl64.exe
- C:\Windows\assembly\NativeImages_v4.0.30319_64\ComSvcConfig\1fbd3e4ee1b12dee67963a872eef98d2\ComSvcConfig.ni.exe
- C:\Windows\assembly\NativeImages_v4.0.30319_64\dfsvc\649a569c838dbced36b0264794641b6d\dfsvc.ni.exe
- C:\Windows\assembly\NativeImages_v4.0.30319_64\MSBuild\6d3f23868f8cc3d8fbd85ae858a270eb\MSBuild.ni.exe
- C:\Windows\assembly\NativeImages_v4.0.30319_64\SMSvcHost\391e0f727bd42bdb92d1e9b540b6dcf4\SMSvcHost.ni.exe
- C:\Windows\assembly\NativeImages_v4.0.30319_64\WsatConfig\fc178d808c17791e5e4a305535506b19\WsatConfig.ni.exe
- C:\Windows\assembly\NativeImages_v4.0.30319_64\Microsoft.W71daf281#\18aaeae2597c557096df7b442f188441\Microsoft.Workflow.Compiler.ni.exe
- C:\Program Files (x86)\Mozilla Firefox\crashreporter.exe
- C:\Program Files (x86)\Mozilla Firefox\firefox.exe
- C:\Users\test\AppData\Local\Google\Chrome\Application\chrome.exe
- C:\Users\test\AppData\Local\Google\Chrome\Application\24.0.1312.57\Installer\setup.exe
- C:\Program Files (x86)\Google\Update_bak\GoogleUpdate.exe
- C:\Program Files (x86)\Google\Update_bak\1.3.21.115\GoogleCrashHandler.exe
- C:\Program Files (x86)\Google\Update_bak\1.3.21.115\GoogleCrashHandler64.exe
- C:\Program Files (x86)\Google\Update_bak\1.3.21.115\GoogleUpdate.exe
- C:\Program Files (x86)\Google\Update_bak\1.3.21.115\GoogleUpdateBroker.exe
- C:\Program Files (x86)\Google\Update_bak\1.3.21.115\GoogleUpdateOnDemand.exe
- C:\Program Files (x86)\Google\Update_bak\1.3.21.115\GoogleUpdateSetup.exe
- C:\Program Files (x86)\Google\Update_bak\Download\{8A69D345-D564-463C-AFF1-A69D9E530F96}\24.0.1312.57\chrome_installer.exe
- C:\Program Files (x86)\Google\Chrome\Application\chrome.exe
- C:\Program Files (x86)\Google\Chrome\Application\24.0.1312.57\chrome_frame_helper.exe
- C:\Program Files (x86)\Google\Chrome\Application\24.0.1312.57\chrome_launcher.exe
- C:\Program Files (x86)\Google\Chrome\Application\24.0.1312.57\delegate_execute.exe
- C:\Program Files (x86)\Google\Chrome\Application\24.0.1312.57\nacl64.exe
- C:\Program Files (x86)\Google\Chrome\Application\24.0.1312.57\Installer\setup.exe
- C:\Windows\assembly\NativeImages_v4.0.30319_32\ComSvcConfig\bc92313d82cbd65becd638c88f60dba0\ComSvcConfig.ni.exe
- C:\Windows\assembly\NativeImages_v4.0.30319_32\dfsvc\f53e86c0bc298a182849239ab9be2293\dfsvc.ni.exe
- C:\Windows\assembly\NativeImages_v4.0.30319_32\MSBuild\f1fb3c0b49343ef73ce652f2bb33747e\MSBuild.ni.exe
- C:\Windows\assembly\NativeImages_v4.0.30319_32\SMSvcHost\bf7d2b87a7efb38f3ffb79d2c95db11c\SMSvcHost.ni.exe
- C:\Windows\assembly\NativeImages_v4.0.30319_32\WsatConfig\01d007718765db76b355c35a3b33996c\WsatConfig.ni.exe
- C:\Program Files (x86)\Mozilla Firefox\plugin-container.exe
- C:\Program Files (x86)\Mozilla Firefox\updater.exe
- C:\Program Files (x86)\Mozilla Firefox\uninstall\helper.exe
- C:\Windows\assembly\NativeImages_v4.0.30319_32\Microsoft.W71daf281#\9d5065b6666d67088b2a8477d05c1663\Microsoft.Workflow.Compiler.ni.exe
- C:\Python27\RemovePIL.exe
- C:\Windows\Installer\{90140000-006E-0804-0000-0000000FF1CE}\misc.exe
- C:\MSOCache\All Users\{90140000-0011-0000-0000-0000000FF1CE}-C\setup.exe
- C:\MSOCache\All Users\{90140000-0011-0000-0000-0000000FF1CE}-C\ose.exe
- C:\Windows\Microsoft.NET\Framework64\v4.0.30319\vbc.exe
- C:\Windows\Microsoft.NET\Framework\v4.0.30319\vbc.exe
- C:\Windows\Microsoft.NET\Framework64\v4.0.30319\AddInProcess.exe
- C:\Windows\Microsoft.NET\Framework\v4.0.30319\AddInProcess.exe
- C:\Windows\Microsoft.NET\Framework64\v4.0.30319\AddInProcess32.exe
- C:\Windows\Microsoft.NET\Framework\v4.0.30319\AddInProcess32.exe
- C:\Windows\Microsoft.NET\Framework64\v4.0.30319\AddInUtil.exe
- C:\Windows\Microsoft.NET\Framework\v4.0.30319\AddInUtil.exe
- C:\Windows\Microsoft.NET\Framework64\v4.0.30319\AppLaunch.exe
- C:\Windows\Microsoft.NET\Framework\v4.0.30319\AppLaunch.exe
- C:\Windows\Microsoft.NET\Framework64\v4.0.30319\aspnet_compiler.exe
- C:\Windows\Microsoft.NET\Framework\v4.0.30319\aspnet_compiler.exe
- C:\Windows\Microsoft.NET\Framework64\v4.0.30319\aspnet_regbrowsers.exe
- C:\Windows\Microsoft.NET\Framework\v4.0.30319\aspnet_regbrowsers.exe
- C:\Windows\Microsoft.NET\Framework64\v4.0.30319\aspnet_regiis.exe
- C:\Windows\Microsoft.NET\Framework\v4.0.30319\aspnet_regiis.exe
- C:\Windows\Microsoft.NET\Framework64\v4.0.30319\aspnet_regsql.exe
- C:\Windows\Microsoft.NET\Framework\v4.0.30319\aspnet_regsql.exe
- C:\Windows\Microsoft.NET\Framework64\v4.0.30319\aspnet_state.exe
- C:\Windows\Microsoft.NET\Framework\v4.0.30319\aspnet_state.exe
- C:\Windows\Microsoft.NET\Framework64\v4.0.30319\aspnet_wp.exe
- C:\Windows\Microsoft.NET\Framework\v4.0.30319\aspnet_wp.exe
- C:\Windows\Microsoft.NET\Framework64\v4.0.30319\CasPol.exe
- C:\Windows\Microsoft.NET\Framework\v4.0.30319\CasPol.exe
- C:\Windows\Microsoft.NET\Framework64\v4.0.30319\ComSvcConfig.exe
- C:\Windows\Microsoft.NET\Framework\v4.0.30319\ComSvcConfig.exe
- C:\Windows\Microsoft.NET\Framework64\v4.0.30319\csc.exe
- C:\Windows\Microsoft.NET\Framework\v4.0.30319\csc.exe
- C:\Program Files\Common Files\Microsoft Shared\VSTO\10.0\VSTOInstaller.exe
- C:\Program Files (x86)\Common Files\microsoft shared\VSTO\10.0\VSTOInstaller.exe
- C:\Windows\Microsoft.NET\Framework64\v4.0.30319\cvtres.exe
- C:\Windows\Microsoft.NET\Framework\v4.0.30319\cvtres.exe
- C:\Windows\Microsoft.NET\Framework64\v4.0.30319\DataSvcUtil.exe
- C:\Windows\Microsoft.NET\Framework\v4.0.30319\DataSvcUtil.exe
- C:\Windows\Microsoft.NET\Framework64\v4.0.30319\dfsvc.exe
- C:\Windows\Microsoft.NET\Framework\v4.0.30319\dfsvc.exe
- C:\Windows\Microsoft.NET\Framework64\v4.0.30319\EdmGen.exe
- C:\Windows\Microsoft.NET\Framework\v4.0.30319\EdmGen.exe
- C:\Windows\Microsoft.NET\Framework64\v4.0.30319\ilasm.exe
- C:\Windows\Microsoft.NET\Framework\v4.0.30319\ilasm.exe
- C:\Windows\Microsoft.NET\Framework64\v4.0.30319\InstallUtil.exe
- C:\Windows\Microsoft.NET\Framework\v4.0.30319\InstallUtil.exe
- C:\Windows\Microsoft.NET\Framework64\v4.0.30319\jsc.exe
- C:\Windows\Microsoft.NET\Framework\v4.0.30319\jsc.exe
- C:\Windows\Microsoft.NET\Framework64\v4.0.30319\Microsoft.Workflow.Compiler.exe
- C:\Windows\Microsoft.NET\Framework\v4.0.30319\Microsoft.Workflow.Compiler.exe
- C:\Windows\Microsoft.NET\assembly\GAC_MSIL\Microsoft.Workflow.Compiler\v4.0_4.0.0.0__31bf3856ad364e35\Microsoft.Workflow.Compiler.exe
- C:\Windows\Microsoft.NET\Framework64\v4.0.30319\MSBuild.exe
- C:\Windows\Microsoft.NET\Framework\v4.0.30319\MSBuild.exe
- C:\Windows\Microsoft.NET\Framework64\v4.0.30319\mscorsvw.exe
- C:\Windows\Microsoft.NET\Framework\v4.0.30319\mscorsvw.exe
- C:\Windows\Microsoft.NET\Framework64\v4.0.30319\SetupCache\v4.6.01590\Setup.exe
- C:\Windows\Microsoft.NET\NETFXRepair.exe
- C:\Windows\Microsoft.NET\Framework64\v4.0.30319\ngen.exe
- C:\Windows\Microsoft.NET\Framework\v4.0.30319\ngen.exe
- C:\Windows\Microsoft.NET\Framework64\v4.0.30319\RegAsm.exe
- C:\Windows\Microsoft.NET\Framework\v4.0.30319\RegAsm.exe
- C:\Windows\Microsoft.NET\Framework64\v4.0.30319\RegSvcs.exe
- C:\Windows\Microsoft.NET\Framework\v4.0.30319\RegSvcs.exe
- C:\Windows\Microsoft.NET\Framework64\v4.0.30319\regtlibv12.exe
- C:\Windows\Microsoft.NET\Framework\v4.0.30319\regtlibv12.exe
- C:\Windows\Microsoft.NET\Framework64\v4.0.30319\ServiceModelReg.exe
- C:\Windows\Microsoft.NET\Framework\v4.0.30319\ServiceModelReg.exe
- C:\Windows\Microsoft.NET\Framework64\v4.0.30319\SetupCache\v4.6.01590\SetupUtility.exe
- C:\Windows\Microsoft.NET\Framework64\v4.0.30319\SMSvcHost.exe
- C:\Windows\Microsoft.NET\Framework\v4.0.30319\SMSvcHost.exe
- C:\Program Files (x86)\Microsoft Office\Office14\Wordconv.exe
- C:\ProgramData\Package Cache\{6c6356fe-cbfa-4944-9bed-a9e99f45cb7a}\VC_redist.x64.exe
- C:\Program Files (x86)\Microsoft Office\Office14\BCSSync.exe
- C:\Windows\Microsoft.NET\Framework64\v4.0.30319\WsatConfig.exe
- C:\Program Files (x86)\Microsoft Office\Office14\misc.exe
- C:\Windows\Microsoft.NET\Framework\v4.0.30319\WsatConfig.exe
- C:\Program Files (x86)\Common Files\microsoft shared\OFFICE14\Oarpmany.exe
- C:\Program Files (x86)\Common Files\microsoft shared\OFFICE14\Office Setup Controller\ODeploy.exe
- C:\Program Files (x86)\Common Files\microsoft shared\OFFICE14\Office Setup Controller\Setup.exe
- C:\Program Files (x86)\Common Files\microsoft shared\Smart Tag\SmartTagInstall.exe
- C:\Program Files (x86)\Common Files\microsoft shared\TextConv\WksConv\Wkconv.exe
- C:\Program Files (x86)\Microsoft Office\Office14\excelcnv.exe
- C:\Windows\Installer\{90140000-0011-0000-0000-0000000FF1CE}\xlicons.exe
- C:\Windows\Installer\{90140000-0011-0000-0000-0000000FF1CE}\pptico.exe
- C:\Windows\Installer\{90140000-0011-0000-0000-0000000FF1CE}\misc.exe
- C:\Windows\Installer\{90140000-0011-0000-0000-0000000FF1CE}\pubs.exe
- C:\Windows\Installer\{90140000-0011-0000-0000-0000000FF1CE}\wordicon.exe
- C:\Windows\Installer\{90140000-0011-0000-0000-0000000FF1CE}\cagicon.exe
- C:\Windows\Installer\{90140000-0011-0000-0000-0000000FF1CE}\oisicon.exe
- C:\Windows\Installer\{90140000-0011-0000-0000-0000000FF1CE}\msouc.exe
- C:\Windows\Installer\{90140000-0011-0000-0000-0000000FF1CE}\accicons.exe
- C:\Windows\Installer\{90140000-0011-0000-0000-0000000FF1CE}\grvicons.exe
- C:\Windows\Installer\{90140000-0011-0000-0000-0000000FF1CE}\inficon.exe
- C:\Windows\Installer\{90140000-0011-0000-0000-0000000FF1CE}\joticon.exe
- C:\Windows\Installer\{90140000-0011-0000-0000-0000000FF1CE}\outicon.exe
- C:\Users\maldun\AppData\Local\Temp\2A016D2D-62A2-446F-AAE7-BE0ABCA65344\DismHost.exe
- C:\drsgcrxx\bin\KdGzOtk.exe
- C:\drsgcrxx\bin\zueuGexV.exe
- C:\Program Files (x86)\WinAce\ccrypt.exe
- C:\Program Files (x86)\WinAce\helpinst.exe
- C:\Program Files (x86)\WinAce\order.exe
- C:\Program Files (x86)\WinAce\sxuninst.exe
- C:\Program Files (x86)\WinAce\wb_setup.exe
- C:\Program Files (x86)\WinAce\winace.exe
- C:\Windows\SysWOW64\Macromed\Flash\FlashUtil32_20_0_0_286_Plugin.exe
- C:\Windows\sysnative\Macromed\Flash\FlashUtil64_20_0_0_286_Plugin.exe
- C:\Windows\SysWOW64\Macromed\Flash\FlashPlayerPlugin_20_0_0_286.exe
- C:\Windows\SysWOW64\FlashPlayerApp.exe
- C:\Windows\SysWOW64\Macromed\Flash\FlashPlayerUpdateService.exe
- C:\Windows\SysWOW64\Macromed\Flash\FlashUtil32_24_0_0_194_ActiveX.exe
- C:\Windows\sysnative\Macromed\Flash\FlashUtil64_24_0_0_194_ActiveX.exe
- C:\ProgramData\Oracle\Java\javapath\java.exe
- C:\ProgramData\Oracle\Java\javapath\javaw.exe
- C:\ProgramData\Oracle\Java\javapath\javaws.exe
- C:\Program Files (x86)\7-Zip\7z.exe
- C:\Program Files (x86)\7-Zip\7zFM.exe
- C:\Program Files (x86)\7-Zip\7zG.exe
- C:\Program Files (x86)\7-Zip\Uninstall.exe
- C:\Program Files (x86)\WinRAR\Rar.exe
- C:\Program Files (x86)\WinRAR\Uninstall.exe
- C:\Program Files (x86)\WinRAR\UnRAR.exe
- C:\Program Files (x86)\WinRAR\WinRAR.exe
- C:\ProgramData\Package Cache\{9bd48a22-fe5a-457c-8f10-da6c2be89eee}\vcredist_x64.exe
- C:\ProgramData\Package Cache\{1b103cea-f037-4504-81de-956057b442c3}\vcredist_x64.exe
- C:\Program Files (x86)\Common Files\Java\Java Update\jaureg.exe
- C:\Program Files (x86)\Common Files\Java\Java Update\jucheck.exe
- C:\Program Files (x86)\Common Files\Java\Java Update\jusched.exe
- C:\Program Files (x86)\Java\jre1.8.0_121\bin\jabswitch.exe
- C:\Program Files (x86)\Java\jre1.8.0_121\bin\java-rmi.exe
- C:\Program Files (x86)\Java\jre1.8.0_121\bin\java.exe
- C:\Program Files (x86)\Java\jre1.8.0_121\bin\javacpl.exe
- C:\Program Files (x86)\Java\jre1.8.0_121\bin\javaw.exe
- C:\Program Files (x86)\Java\jre1.8.0_121\bin\javaws.exe
- C:\Program Files (x86)\Java\jre1.8.0_121\bin\jjs.exe
- C:\Program Files (x86)\Java\jre1.8.0_121\bin\jp2launcher.exe
- C:\Program Files (x86)\Java\jre1.8.0_121\bin\keytool.exe
- C:\Program Files (x86)\Java\jre1.8.0_121\bin\kinit.exe
- C:\Program Files (x86)\Java\jre1.8.0_121\bin\klist.exe
- C:\Program Files (x86)\Java\jre1.8.0_121\bin\ktab.exe
- C:\Program Files (x86)\Java\jre1.8.0_121\bin\orbd.exe
- C:\Program Files (x86)\Java\jre1.8.0_121\bin\pack200.exe
- C:\Program Files (x86)\Java\jre1.8.0_121\bin\policytool.exe
- C:\Program Files (x86)\Java\jre1.8.0_121\bin\rmid.exe
- C:\Program Files (x86)\Java\jre1.8.0_121\bin\rmiregistry.exe
- C:\Program Files (x86)\Java\jre1.8.0_121\bin\servertool.exe
- C:\Program Files (x86)\Java\jre1.8.0_121\bin\ssvagent.exe
- C:\Program Files (x86)\Java\jre1.8.0_121\bin\tnameserv.exe
- C:\Program Files (x86)\Java\jre1.8.0_121\bin\unpack200.exe
- C:\Windows\Microsoft.NET\Framework64\v4.0.30319\SetupCache\CHS\Setup.exe
- C:\Windows\Microsoft.NET\Framework64\v4.0.30319\SetupCache\CHS\SetupUtility.exe
读取的文件
- C:\Windows\Microsoft.NET\Framework64\v4.0.30319\mscoreei.dll
- C:\Users\test\AppData\Local\Temp\__________________.com.config
- C:\Users\test\AppData\Local\Temp\__________________.com
- C:\Windows\Microsoft.NET\Framework64\v4.0.30319\clr.dll
- C:\Windows\sysnative\MSVCR120_CLR0400.dll
- C:\Windows\Microsoft.NET\Framework64\v4.0.30319\Config\machine.config
- C:\Windows\Globalization\Sorting\sortdefault.nls
- C:\Windows\assembly\NativeImages_v4.0.30319_64\mscorlib\f89061884b75dab0e3967d7221e5290d\mscorlib.ni.dll.aux
- C:\Windows\assembly\NativeImages_v4.0.30319_64\mscorlib\f89061884b75dab0e3967d7221e5290d\mscorlib.ni.dll
- \Device\KsecDD
- C:\Windows\assembly\pubpol49.dat
- C:\Windows\assembly\NativeImages_v4.0.30319_64\System.Core\d1da4b8a843ec63bb8be25f8202bedc1\System.Core.ni.dll.aux
- C:\Windows\assembly\NativeImages_v4.0.30319_64\System\60b77585c8aa9cfd1b30a64092c81041\System.ni.dll.aux
- C:\Windows\assembly\NativeImages_v4.0.30319_64\System\60b77585c8aa9cfd1b30a64092c81041\System.ni.dll
- C:\Windows\assembly\NativeImages_v4.0.30319_64\System.Core\d1da4b8a843ec63bb8be25f8202bedc1\System.Core.ni.dll
- C:\Windows\Microsoft.NET\Framework64\v4.0.30319\clrjit.dll
- C:\Windows\assembly\NativeImages_v4.0.30319_64\Microsoft.V9921e851#\85a40a6654f0aac2a2c52d1deb4d3f17\Microsoft.VisualBasic.ni.dll.aux
- C:\Windows\assembly\NativeImages_v4.0.30319_64\Microsoft.V9921e851#\85a40a6654f0aac2a2c52d1deb4d3f17\Microsoft.VisualBasic.ni.dll
- C:\Windows\Microsoft.NET\Framework64\v4.0.30319\nlssorting.dll
- C:\Windows\Microsoft.NET\Framework64\v4.0.30319\SortDefault.nlp
- C:
- C:\Windows\sysnative\zh-CN\KERNELBASE.dll.mui
- C:\Windows\Microsoft.Net\assembly\GAC_MSIL\mscorlib.resources\v4.0_4.0.0.0_zh-Hans_b77a5c561934e089\mscorlib.resources.dll
修改的文件
无信息
删除的文件
无信息
注册表键
- HKEY_LOCAL_MACHINE\Software\Microsoft\.NETFramework\Policy\
- HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\.NETFramework\Policy\v4.0
- HKEY_LOCAL_MACHINE\Software\Microsoft\.NETFramework
- HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\.NETFramework\InstallRoot
- HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\.NETFramework\CLRLoadLogDir
- HKEY_CURRENT_USER\Software\Microsoft\.NETFramework
- HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\.NETFramework\UseLegacyV2RuntimeActivationPolicyDefaultValue
- HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\.NETFramework\OnlyUseLatestCLR
- Policy\Standards
- HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\.NETFramework\Policy\Standards
- HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\.NETFramework\Policy\standards\v4.0.30319
- HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Fusion
- HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Fusion\NoClientChecks
- HKEY_LOCAL_MACHINE\Software\Microsoft\.NETFramework\v4.0.30319\SKUs\
- HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\.NETFramework\v4.0.30319\SKUs\default
- HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\NET Framework Setup\NDP\v4\Full
- HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\NET Framework Setup\NDP\v4\Full\Release
- HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\.NETFramework\DisableConfigCache
- HKEY_LOCAL_MACHINE\Software\Microsoft\Fusion
- HKEY_LOCAL_MACHINE\Software\Microsoft\Windows NT\CurrentVersion\Image File Execution Options\__________________.com
- HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Fusion\CacheLocation
- HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Fusion\DownloadCacheQuotaInKB
- HKEY_CURRENT_USER\Software\Microsoft\Fusion
- HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Fusion\EnableLog
- HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Fusion\LoggingLevel
- HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Fusion\ForceLog
- HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Fusion\LogFailures
- HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Fusion\LogResourceBinds
- HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Fusion\FileInUseRetryAttempts
- HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Fusion\FileInUseMillisecondsBetweenRetries
- HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Fusion\UseLegacyIdentityFormat
- HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Fusion\DisableMSIPeek
- HKEY_LOCAL_MACHINE\Software\Microsoft\Windows NT\CurrentVersion\Image File Execution Options
- HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Image File Execution Options\DevOverrideEnable
- HKEY_LOCAL_MACHINE\Software\Microsoft\.NETFramework\NGen\Policy\v4.0
- HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\.NETFramework\NGen\Policy\v4.0\OptimizeUsedBinaries
- HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\.NETFramework\Policy\Servicing
- HKEY_LOCAL_MACHINE\Software\Microsoft\StrongName
- HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\.NETFramework\UseRyuJIT
- HKEY_LOCAL_MACHINE\Software\Microsoft\Fusion\PublisherPolicy\Default
- HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Fusion\PublisherPolicy\Default\Latest
- HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Fusion\PublisherPolicy\Default\index49
- HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Fusion\PublisherPolicy\Default\LegacyPolicyTimeStamp
- HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Fusion\PublisherPolicy\Default\v4.0_policy.4.0.System.Core__b77a5c561934e089
- HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Fusion\PublisherPolicy\Default\policy.4.0.System.Core__b77a5c561934e089
- HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Fusion\PublisherPolicy\Default\v4.0_policy.4.0.System__b77a5c561934e089
- HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Fusion\PublisherPolicy\Default\policy.4.0.System__b77a5c561934e089
- HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Fusion\PublisherPolicy\Default\v4.0_policy.4.0.System.Configuration__b03f5f7f11d50a3a
- HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Fusion\PublisherPolicy\Default\policy.4.0.System.Configuration__b03f5f7f11d50a3a
- HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Fusion\PublisherPolicy\Default\v4.0_policy.4.0.System.Xml__b77a5c561934e089
- HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Fusion\PublisherPolicy\Default\policy.4.0.System.Xml__b77a5c561934e089
- HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Fusion\PublisherPolicy\Default\v4.0_policy.4.0.System.Numerics__b77a5c561934e089
- HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Fusion\PublisherPolicy\Default\policy.4.0.System.Numerics__b77a5c561934e089
- HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Fusion\PublisherPolicy\Default\v4.0_policy.4.0.System.Security__b03f5f7f11d50a3a
- HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Fusion\PublisherPolicy\Default\policy.4.0.System.Security__b03f5f7f11d50a3a
- HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\.NETFramework\Policy\APTCA
- HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\.NETFramework\FeatureSIMD
- HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\OLEAUT
- HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\.NETFramework\JitTimeLogCsv
- HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\.NETFramework\JitFuncInfoLogFile
- HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\.NETFramework\AltJit
- HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\.NETFramework\JitELTHookEnabled
- HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\.NETFramework\TailCallOpt
- HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\.NETFramework\JitVNMapSelBudget
- HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Fusion\PublisherPolicy\Default\v4.0_policy.10.0.Microsoft.VisualBasic__b03f5f7f11d50a3a
- HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Fusion\PublisherPolicy\Default\policy.10.0.Microsoft.VisualBasic__b03f5f7f11d50a3a
- HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Fusion\PublisherPolicy\Default\v4.0_policy.4.0.System.Windows.Forms__b77a5c561934e089
- HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Fusion\PublisherPolicy\Default\policy.4.0.System.Windows.Forms__b77a5c561934e089
- HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Fusion\PublisherPolicy\Default\v4.0_policy.4.0.System.Drawing__b03f5f7f11d50a3a
- HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Fusion\PublisherPolicy\Default\policy.4.0.System.Drawing__b03f5f7f11d50a3a
- HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Fusion\PublisherPolicy\Default\v4.0_policy.4.0.System.Deployment__b03f5f7f11d50a3a
- HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Fusion\PublisherPolicy\Default\policy.4.0.System.Deployment__b03f5f7f11d50a3a
- HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Fusion\PublisherPolicy\Default\v4.0_policy.4.0.System.Management__b03f5f7f11d50a3a
- HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Fusion\PublisherPolicy\Default\policy.4.0.System.Management__b03f5f7f11d50a3a
- HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Fusion\PublisherPolicy\Default\v4.0_policy.4.0.System.Xml.Linq__b77a5c561934e089
- HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Fusion\PublisherPolicy\Default\policy.4.0.System.Xml.Linq__b77a5c561934e089
- HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Fusion\PublisherPolicy\Default\v4.0_policy.4.0.System.Runtime.Remoting__b77a5c561934e089
- HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Fusion\PublisherPolicy\Default\policy.4.0.System.Runtime.Remoting__b77a5c561934e089
- HKEY_LOCAL_MACHINE\System\CurrentControlSet\Control\Nls\Locale
- HKEY_LOCAL_MACHINE\System\CurrentControlSet\Control\Nls\Locale\Alternate Sorts
- HKEY_LOCAL_MACHINE\System\CurrentControlSet\Control\Nls\Language Groups
- HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\Control\Nls\Locale\00000804
- HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\Control\Nls\Language Groups\a
- HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\.NETFramework\AppContext
- HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Run
- HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Run\Synaptics Pointing Device Driver
- HKEY_LOCAL_MACHINE\System\CurrentControlSet\Control\Nls\CustomLocale
- HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\Control\Nls\CustomLocale\en-us
- HKEY_LOCAL_MACHINE\System\CurrentControlSet\Control\Nls\ExtendedLocale
- HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\Control\Nls\ExtendedLocale\en-us
- HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\Control\Nls\Locale\00000409
- HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\Control\Nls\Language Groups\1
- HKEY_CURRENT_USER\Software\Classes
- HKEY_CURRENT_USER\Software\Classes\AppID\__________________.com
- HKEY_LOCAL_MACHINE\Software\Microsoft\OLE\AppCompat
- HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\OLE\AppCompat\RaiseDefaultAuthnLevel
- HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\OLE
- HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\OLE\DefaultAccessPermission
- HKEY_CURRENT_USER\Software\Classes\Interface\{00000134-0000-0000-C000-000000000046}
- HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Interface\{00000134-0000-0000-C000-000000000046}\ProxyStubClsid32
- HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Interface\{00000134-0000-0000-C000-000000000046}\ProxyStubClsid32\(Default)
- HKEY_LOCAL_MACHINE\Software\Microsoft\Rpc\Extensions
- HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Rpc\Extensions\NdrOleExtDLL
- HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Rpc\Extensions\RemoteRpcDll
- HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\BFE
- HKEY_LOCAL_MACHINE\Software\Microsoft\SQMClient\Windows\DisabledProcesses\
- HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\SQMClient\Windows\DisabledProcesses\68C23581
- HKEY_LOCAL_MACHINE\Software\Microsoft\SQMClient\Windows\DisabledSessions\
- HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\SQMClient\Windows\DisabledSessions\MachineThrottling
- HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\SQMClient\Windows\DisabledSessions\GlobalSession
- HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\Control\Nls\CustomLocale\zh-CHS
- HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\Control\Nls\ExtendedLocale\zh-CHS
- HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\Control\Nls\CustomLocale\zh-Hans
- HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\Control\Nls\ExtendedLocale\zh-Hans
- HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Fusion\PublisherPolicy\Default\v4.0_policy.4.0.mscorlib.resources_zh-Hans_b77a5c561934e089
- HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Fusion\PublisherPolicy\Default\policy.4.0.mscorlib.resources_zh-Hans_b77a5c561934e089
读取的注册表键
- HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\.NETFramework\InstallRoot
- HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\.NETFramework\CLRLoadLogDir
- HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\.NETFramework\UseLegacyV2RuntimeActivationPolicyDefaultValue
- HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\.NETFramework\OnlyUseLatestCLR
- HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Fusion\NoClientChecks
- HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\NET Framework Setup\NDP\v4\Full\Release
- HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\.NETFramework\DisableConfigCache
- HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Fusion\CacheLocation
- HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Fusion\DownloadCacheQuotaInKB
- HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Fusion\EnableLog
- HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Fusion\LoggingLevel
- HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Fusion\ForceLog
- HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Fusion\LogFailures
- HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Fusion\LogResourceBinds
- HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Fusion\FileInUseRetryAttempts
- HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Fusion\FileInUseMillisecondsBetweenRetries
- HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Fusion\UseLegacyIdentityFormat
- HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Fusion\DisableMSIPeek
- HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Image File Execution Options\DevOverrideEnable
- HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\.NETFramework\NGen\Policy\v4.0\OptimizeUsedBinaries
- HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\.NETFramework\UseRyuJIT
- HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Fusion\PublisherPolicy\Default\Latest
- HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Fusion\PublisherPolicy\Default\index49
- HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Fusion\PublisherPolicy\Default\LegacyPolicyTimeStamp
- HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\.NETFramework\FeatureSIMD
- HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\.NETFramework\JitTimeLogCsv
- HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\.NETFramework\JitFuncInfoLogFile
- HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\.NETFramework\AltJit
- HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\.NETFramework\JitELTHookEnabled
- HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\.NETFramework\TailCallOpt
- HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\.NETFramework\JitVNMapSelBudget
- HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\Control\Nls\Locale\00000804
- HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\Control\Nls\Language Groups\a
- HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Run\Synaptics Pointing Device Driver
- HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\Control\Nls\CustomLocale\en-us
- HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\Control\Nls\ExtendedLocale\en-us
- HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\Control\Nls\Locale\00000409
- HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\Control\Nls\Language Groups\1
- HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\OLE\AppCompat\RaiseDefaultAuthnLevel
- HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\OLE\DefaultAccessPermission
- HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Interface\{00000134-0000-0000-C000-000000000046}\ProxyStubClsid32\(Default)
- HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Rpc\Extensions\NdrOleExtDLL
- HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Rpc\Extensions\RemoteRpcDll
- HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\SQMClient\Windows\DisabledProcesses\68C23581
- HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\SQMClient\Windows\DisabledSessions\MachineThrottling
- HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\SQMClient\Windows\DisabledSessions\GlobalSession
- HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\Control\Nls\CustomLocale\zh-CHS
- HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\Control\Nls\ExtendedLocale\zh-CHS
- HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\Control\Nls\CustomLocale\zh-Hans
- HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\Control\Nls\ExtendedLocale\zh-Hans
修改的注册表键
无信息
删除的注册表键
无信息
API解析
- advapi32.dll.RegOpenKeyExW
- advapi32.dll.RegQueryInfoKeyW
- advapi32.dll.RegEnumKeyExW
- advapi32.dll.RegEnumValueW
- advapi32.dll.RegCloseKey
- advapi32.dll.RegQueryValueExW
- kernel32.dll.FlsAlloc
- kernel32.dll.FlsFree
- kernel32.dll.FlsGetValue
- kernel32.dll.FlsSetValue
- kernel32.dll.InitializeCriticalSectionEx
- kernel32.dll.CreateEventExW
- kernel32.dll.CreateSemaphoreExW
- kernel32.dll.SetThreadStackGuarantee
- kernel32.dll.CreateThreadpoolTimer
- kernel32.dll.SetThreadpoolTimer
- kernel32.dll.WaitForThreadpoolTimerCallbacks
- kernel32.dll.CloseThreadpoolTimer
- kernel32.dll.CreateThreadpoolWait
- kernel32.dll.SetThreadpoolWait
- kernel32.dll.CloseThreadpoolWait
- kernel32.dll.FlushProcessWriteBuffers
- kernel32.dll.FreeLibraryWhenCallbackReturns
- kernel32.dll.GetCurrentProcessorNumber
- kernel32.dll.GetLogicalProcessorInformation
- kernel32.dll.CreateSymbolicLinkW
- kernel32.dll.EnumSystemLocalesEx
- kernel32.dll.CompareStringEx
- kernel32.dll.GetDateFormatEx
- kernel32.dll.GetLocaleInfoEx
- kernel32.dll.GetTimeFormatEx
- kernel32.dll.GetUserDefaultLocaleName
- kernel32.dll.IsValidLocaleName
- kernel32.dll.LCMapStringEx
- kernel32.dll.GetTickCount64
- kernel32.dll.AcquireSRWLockExclusive
- kernel32.dll.ReleaseSRWLockExclusive
- advapi32.dll.EventRegister
- mscoree.dll.#142
- mscoreei.dll.RegisterShimImplCallback
- mscoreei.dll.OnShimDllMainCalled
- mscoreei.dll._CorExeMain
- shlwapi.dll.UrlIsW
- version.dll.GetFileVersionInfoSizeW
- version.dll.GetFileVersionInfoW
- version.dll.VerQueryValueW
- clr.dll.SetRuntimeInfo
- clr.dll._CorExeMain
- mscoree.dll.CreateConfigStream
- mscoreei.dll.CreateConfigStream
- kernel32.dll.GetNumaHighestNodeNumber
- ntdll.dll.RtlVirtualUnwind
- kernel32.dll.GetSystemWindowsDirectoryW
- advapi32.dll.AllocateAndInitializeSid
- advapi32.dll.OpenProcessToken
- advapi32.dll.GetTokenInformation
- advapi32.dll.InitializeAcl
- advapi32.dll.AddAccessAllowedAce
- advapi32.dll.FreeSid
- kernel32.dll.AddSIDToBoundaryDescriptor
- kernel32.dll.CreateBoundaryDescriptorW
- kernel32.dll.CreatePrivateNamespaceW
- kernel32.dll.OpenPrivateNamespaceW
- kernel32.dll.DeleteBoundaryDescriptor
- kernel32.dll.WerRegisterRuntimeExceptionModule
- kernel32.dll.RaiseException
- mscoree.dll.#24
- mscoreei.dll.#24
- psapi.dll.GetProcessMemoryInfo
- kernel32.dll.SortGetHandle
- kernel32.dll.SortCloseHandle
- ole32.dll.CoInitializeEx
- cryptbase.dll.SystemFunction036
- ole32.dll.CoGetContextToken
- clrjit.dll.sxsJitStartup
- clrjit.dll.getJit
- advapi32.dll.LookupPrivilegeValueW
- kernel32.dll.GetCurrentProcess
- advapi32.dll.AdjustTokenPrivileges
- kernel32.dll.CloseHandle
- ntdll.dll.NtQuerySystemInformation
- kernel32.dll.LocaleNameToLCID
- kernel32.dll.LCIDToLocaleName
- kernel32.dll.GetUserPreferredUILanguages
- nlssorting.dll.SortGetHandle
- nlssorting.dll.SortCloseHandle
- shell32.dll.SHGetFolderPathW
- ole32.dll.CoTaskMemAlloc
- ole32.dll.CoTaskMemFree
- kernel32.dll.GetFullPathNameW
- kernel32.dll.SetThreadErrorMode
- kernel32.dll.GetFileAttributesExW
- kernel32.dll.GetStdHandle
- kernel32.dll.WriteFile
- kernel32.dll.GetConsoleOutputCP
- kernel32.dll.UnmapViewOfFile
- kernel32.dll.GetFileType
- kernel32.dll.GetConsoleScreenBufferInfo
- kernel32.dll.LocalAlloc
- kernel32.dll.CreateFileW
- kernel32.dll.DeviceIoControl
- kernel32.dll.SetConsoleCursorPosition
- version.dll.VerLanguageNameW
- mscoree.dll.GetProcessExecutableHeap
- mscoreei.dll.GetProcessExecutableHeap
- kernel32.dll.CompareStringOrdinal
- clr.dll.CreateAssemblyNameObject
- ole32.dll.CoGetObjectContext
- sechost.dll.LookupAccountNameLocalW
- advapi32.dll.LookupAccountSidW
- sechost.dll.LookupAccountSidLocalW
- cryptsp.dll.CryptAcquireContextW
- cryptsp.dll.CryptGenRandom
- ole32.dll.NdrOleInitializeExtension
- ole32.dll.CoGetClassObject
- ole32.dll.CoGetMarshalSizeMax
- ole32.dll.CoMarshalInterface
- ole32.dll.CoUnmarshalInterface
- ole32.dll.StringFromIID
- ole32.dll.CoGetPSClsid
- ole32.dll.CoCreateInstance
- ole32.dll.CoReleaseMarshalData
- ole32.dll.DcomChannelSetHResult
- rpcrtremote.dll.I_RpcExtInitializeExtensionPoint
- clr.dll.CreateAssemblyEnum
- kernel32.dll.ResolveLocaleName
- kernel32.dll.LocalFree
- kernel32.dll.GetConsoleCP
- kernel32.dll.ReadFile